worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
LemonLDAP::NG Web SSO
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10271 Commits
107 Branches
123 Tags
109 MiB
 
 
 
 
 
Tag: Branch: Tree: adb6526dc9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'adb6526dc9'
${ noResults }
lemonldap-ng/doc/sources/admin/portal.rst

110 lines
3.7 KiB
Raw Blame History Escape

The portal
==========
The portal is the main component of LL::NG. It provides many features:
- **Authentication service** of course
- Web based for normal users:
- using own database (:doc:`LDAP<authldap>`, :doc:`SQL<authdbi>`,
...)
- using web server authentication system (used for
:doc:`SSL<authssl>`, :doc:`Kerberos<authapache>`,
:doc:`HTTP basic authentication<authapache>`, ...)
- using external identity provider (:doc:`SAML<authsaml>`,
:doc:`OpenID<authopenid>`, :doc:`CAS<authcas>`,
:doc:`Twitter<authtwitter>`, other LL::NG system, ...)
- all together (based on user :doc:`choice<authchoice>`,
:doc:`rules<authmulti>`, ...)
- :doc:`SOAP based<soapservices>` and
:doc:`REST based<restservices>` for client-server software,
specific development, ...
- **Identity provider**: LL::NG is able to provide identity service
using:
- :doc:`SAML<idpsaml>`
- :doc:`OpenID Connect<idpopenidconnect>`
- :doc:`CAS<idpcas>`
- :doc:`Identity provider proxy<federationproxy>`: LL::NG can be
used as proxy translator between systems talking SAML, OpenID, CAS,
...
- **Internal SOAP server** used by
:doc:`SOAP configuration backend<soapconfbackend>` and usable for
specific development (see :doc:`SOAP services<soapservices>` for
more)
- **Internal REST server** used by
:doc:`REST configuration backend<restconfbackend>` and usable for
specific development (see :doc:`REST services<restservices>` for
more)
- Interactive **management of user passwords**:
- Password change form (in menu)
- Self service reset (send a mail to the user with a to change the
password)
- Force password change with LDAP password policy password reset
flag
- :doc:`Application menu<portalmenu>`: display authorized
applications in categories
- :doc:`Notifications<notifications>`: prompt users with a message
if found in the notification database
- Second factors management
Functioning
-----------
LL::NG portal is a modular component. It needs 4 modules to work:
- :ref:`Authentication<start-authentication-users-and-password-databases>`:
how check user credentials
- :ref:`User database<start-authentication-users-and-password-databases>`:
where collect user information
- :ref:`Password database<start-authentication-users-and-password-databases>`:
where change password
- :ref:`Identity provider<start-identity-provider>`: how forward user
identity
.. tip::
Each module can be disabled using the ``Null`` backend.
Kinematics
----------
#. Check if URL asked is valid
#. Check if user is already authenticated
- If not authenticated (or authentication is forced) try to find it
(userDB module) and to authenticate it (auth module), create
session, ask for second factor if required, calculate groups and
macros and store them. In 1.3, LL::NG has got a captcha feature
which is used in this case.
#. Modify password if asked (password module)
#. Provides identity if asked (IdP module)
#. Build :doc:`cookie(s)<ssocookie>`
#. Redirect user to the asked URL or display menu
.. note::
See also
:ref:`general kinematics presentation<presentation-kinematics>`.
URL parameters
--------------
Some parameters in URL can change the behavior of the portal:
- **logout**: Launch the logout process (for example: ``logout=1``)
- **tab**: Preselect a tab (Choice or Menu) (for example:
``tab=password``)
- **llnglanguage**: Force lang used to display the page (for example:
``llnglanguage=fr``)
- **setCookieLang**: Update lang cookie to persist the language set
with ``llnglanguage`` parameter (for example: ``setCookieLang=1``)