worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
LemonLDAP::NG Web SSO
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11155 Commits
107 Branches
123 Tags
109 MiB
 
 
 
 
 
Tag: Branch: Tree: dccb633531
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dccb633531'
${ noResults }
lemonldap-ng/doc/sources/admin/authrest.rst

70 lines
2.6 KiB
Raw Blame History

REST
====
============== ===== ========
Authentication Users Password
============== ===== ========
✔ ✔ ✔
============== ===== ========
Presentation
------------
This backend can be used to delegate authentication to some webservices.
Configuration
-------------
In Manager, go in ``General Parameters`` > ``Authentication modules``
and choose REST for authentication, users and/or password modules.
Then, go in ``REST parameters`` and you just have to set REST URL to
provide wanted services:
===================== ====================================
Module Parameter
===================== ====================================
Authentication level Authentication level for this module
Authentication Authentication URL
User database User data URL
Password confirmation Password confirmation URL
Password change Password change URL
===================== ====================================
.. tip::
You can then choose any other module for users and
password.
REST Dialog
-----------
LemonLDAP::NG will call the endpoints you declared at various steps
during the login process.
The request performed by LemonLDAP::NG is a POST on the URL you
specified, the content of the POST is a JSON document
(``Content-Type: application/json``).
REST web services must respond with a success HTTP code (200), and the
response must be a JSON document containing a ``result`` key.
Auth/UserDB endpoints can add an ``info`` array that will be stored in
session data (without reading "Exported variables").
========================= ======================================= ===================================================
URL Query Response
========================= ======================================= ===================================================
Authentication URL ``{"user":$user,"password":$password}`` ``{"result":true/false,"info":{...}}``
User data URL ``{"user":$user}`` ``{"result":true/false,"info":{"uid":"dwho",...}}``
Password confirmation URL ``{"user":$user,"password":$password}`` ``{"result":true/false}``
Password change URL ``{"user":$user,"password":$password}`` ``{"result":true/false}``
========================= ======================================= ===================================================
.. tip::
To have only one REST call during the login process, you can
set REST only as an Authentication backend, configure Null as your User
Database, and make sure the REST authentication URL send all your user
attributes in the ``info`` response key