<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />

<title>Lemonldap::NG documentation:
4.5-Proxy-authentication-module.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
  background: #ddd;
  font-family: sans-serif;
  font-size: 11pt;
  padding: 0 50px;
}
div.main-content{
  padding: 10px;
  background: #fff;
  border: 2px #ccc solid;
}
a{
  text-decoration: none;
}
p.footer{
  text-align: center;
  margin: 5px 0 0 0;
}
.heading-1{
  text-align: center;
  color: orange;
  font-variant: small-caps;
  font-size: 20pt;
}
.heading-1-1{
  color: orange;
  font-size: 14pt;
  border-bottom: 2px #ccc solid;
}
pre{
  background: #eee;
  border: 2px #ccc solid;
  padding: 5px;
  border-left: 10px #ccc solid;
}
ul.star li{
  list-style-type: square;
}
/*]]>*/
</style>
</head>

<body>
<div class="main-content">
<h2 class="heading-1"><span id="HProxy">Proxy</span></h2>

<p class="paragraph"></p>

<ul>
<li>
<a href="#HConfiguration">Configuration</a>

<ul>
<li><a href="#HExternalportal">External portal</a></li>

<li><a href="#HInternalportal">Internal portal</a></li>
</ul>
</li>
</ul>Since version 1.0, Lemonldap::NG is able to transfer authentication
credentials to another Lemonldap::NG portal (reverse-proxy).

<p class="paragraph"></p>The difference from the <span class=
"wikilink"><a href="4.5-Remote-authentication-backend.html">Remote
authentication module</a></span> is that the client is never redirected
to the main Lemonldap::NG portal. Use this configuration when you want
to expose your internal SSO to another network (DMZ).

<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3>

<h4 class="heading-1-1-1"><span id="HExternalportal">External
portal</span></h4>

<p class="paragraph"></p>Set both authentication and userDB to "Proxy",
then set the internal SOAP service address:

<p class="paragraph"></p>

<div class="code">
<pre>
authentication => 'Proxy',
userDB => 'Proxy',
soapAuthService => 'https://auth.internal.network/',
# If the cookie names differ, set the remote one here:
#remoteCookieName => 'lemonldap',
# If the SOAP session service is not ${soapAuthService}index.pl/sessions, set it here:
#soapSessionService => 'https://auth2.internal.network/index.pl/sessions',
</pre>
</div>

<h4 class="heading-1-1-1"><span id="HInternalportal">Internal
portal</span></h4><br />
<br />
The portal must be configured to accept SOAP authentication requests:<br />
<br />

<div class="code">
<pre>
Soap => 1,
</pre>
</div><br />
<br />
Don't forget to accept SOAP session requests in your apache.conf file:<br />
<br />

<div class="code">
<pre>
&lt;Directory /var/lib/lemonldap-ng/portal/index.pl/sessions&gt;
Order deny,allow
Deny from all
Allow from my.external.portal
&lt;/Directory&gt;
</pre>
</div>
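<p class="paragraph"></p>The same restriction written for Apache 2.4, as an added example that is not part of the Lemonldap::NG documentation: it uses the Require syntax that replaced Order/Deny/Allow and identifies the external portal by IP address, so the rule does not depend on DNS lookups. It assumes the default soapSessionService URL path (/index.pl/sessions); the address 192.0.2.10 is a placeholder.

```apache
# Added example, not from the Lemonldap::NG documentation.
# Assumption: Apache 2.4 with mod_authz_core and mod_authz_host loaded.
#
# /index.pl/sessions is the URL path of the default soapSessionService
# (${soapAuthService}index.pl/sessions) on the internal portal.
<Location /index.pl/sessions>
    # Only the external portal may call the SOAP session service.
    # With a single Require directive, every other client is refused.
    # 192.0.2.10 is a placeholder: replace it with the address the
    # external portal uses to reach the internal network.
    Require ip 192.0.2.10
</Location>
```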
</div>

<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>