<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:handlerauthbasic< / title >
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,handlerauthbasic" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "handlerauthbasic.html" / >
< link rel = "contents" href = "handlerauthbasic.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : h a n d l e r a u t h b a s i c " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
<!-- //endif -->
< / head >
< body >
< div class = "dokuwiki export container" >
<!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Presentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configuration" > Configuration< / a > < / div >
< ul class = "toc" >
< li class = "level2" > < div class = "li" > < a href = "#virtual_host" > Virtual host< / a > < / div > < / li >
< li class = "level2" > < div class = "li" > < a href = "#nginx" > Nginx< / a > < / div > < / li >
< li class = "level2" > < div class = "li" > < a href = "#handler_parameters" > Handler parameters< / a > < / div > < / li >
< / ul > < / li >
< / ul >
< / div >
< / div >
<!-- TOC END -->
< h1 class = "sectionedit1" id = "authbasic_handler" > AuthBasic Handler< / h1 >
< div class = "level1" >
< / div >
<!-- EDIT1 SECTION "AuthBasic Handler" [1 - 33] -->
< h2 class = "sectionedit2" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
The AuthBasic Handler is a special Handler that will use AuthBasic to authenticate to a virtual host, and then run authorization rules to allow access to the virtual
host.
< / p >
< p >
The Handler will send a WWW-Authenticate header to the client, to request user and password, and then check the credentials using REST web service (you must enable REST session service in the manager). Then, when session is granted, the Handler will check authorizations like the standard Handler.
< / p >
< p >
This can be useful to allow a third party application to access a virtual host with users credentials by sending a Basic challenge to it.
< / p >
< / div >
<!-- EDIT2 SECTION "Presentation" [34 - 672] -->
< h2 class = "sectionedit3" id = "configuration" > Configuration< / h2 >
< div class = "level2" >
< / div >
<!-- EDIT3 SECTION "Configuration" [673 - 699] -->
< h3 class = "sectionedit4" id = "virtual_host" > Virtual host< / h3 >
< div class = "level3" >
< p >
You just have to set “Type: AuthBasic” in the virtualHost options in the manager.
< / p >
< p >
If you want to protect only a virtualHost part, keep type on “Main” and set type in your configuration file:
< / p >
< ul >
< li class = "level1" > < div class = "li" > Apache: use simply a < code > PerlSetVar VHOSTTYPE AuthBasic< / code > < / div >
< / li >
< li class = "level1" > < div class = "li" > Nginx: create another FastCGI with a < code > fastcgi_param VHOSTTYPE = AuthBasic;< / code > < em > (and remove error_page 401)< / em > < / div >
< / li >
< / ul >
< / div >
<!-- EDIT4 SECTION "Virtual host" [700 - 1090] -->
< h3 class = "sectionedit5" id = "nginx" > Nginx< / h3 >
< div class = "level3" >
< p >
Since 1.9.6, LLNG FastCGI server can handle AuthBasic handler. To call it, you just have to add < code > fastcgi_param VHOSTTYPE AuthBasic;< / code > in the FastCGI server call and remove < code > error_page 401< / code > directive:
< / p >
< pre class = "file" > location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
fastcgi_param VHOSTTYPE AuthBasic;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH " " ;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will receive /lmauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
location / {
...
##################################
# CALLING AUTHENTICATION #
##################################
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
# Remove this for AuthBasic handler
#error_page 401 $lmlocation;
...
}< / pre >
< / div >
<!-- EDIT5 SECTION "Nginx" [1091 - 2113] -->
< h3 class = "sectionedit6" id = "handler_parameters" > Handler parameters< / h3 >
< div class = "level3" >
< p >
No parameters needed. But you have to allow sessions web services, see < a href = "restsessionbackend.html" class = "wikilink1" title = "documentation:2.0:restsessionbackend" > REST sessions backend< / a > .
< / p >
< / div >
<!-- EDIT6 SECTION "Handler parameters" [2114 - ] --> < / div >
< / body >
< / html >
