Allow dynamic portal URL (!472) · Merge requests · LemonLDAP NG / lemonldap-ng

Maxime Besson requested to merge fix-portal-dynamic-url-3040 into v2.0 Mar 28, 2024

This MR fixes #3040 (closed) by restoring the ability to have a sub as the portal URL in the handler, and making the portal aware of this.

The main mechanism is storing the portal URL in the $req object.

It can be enabled like this:

     # auto-set the cookie domain to the portal subdomain
     domain   => '#PORTALDOMAIN#',

     # use auth.acme.com for all apps on *.acme.com, and auth.example.com in every other case (including CDA)
     portal   =>
'inDomain("acme.com") ? "http://auth.acme.com/" : "http://auth.example.com/"',

I have also ported some, but no all features of LemonLDAP to be compatible with this new ability:

OIDC Issuer
WebAuthn/U2F

But not Auth::SSL (as of yet)

I have written some minimal unit tests, and will be conducting some in-situation testing with a user over the next months. This therefore should be considered a beta feature (which is why I haven't documented it yet)

Edited Mar 28, 2024 by Maxime Besson

Allow dynamic portal URL

Merge request reports