Allow dynamic portal URL
This MR fixes #3040 (closed) by restoring the ability to have a sub as the portal URL in the handler, and making the portal aware of this.
The main mechanism is storing the portal URL in the $req object.
It can be enabled like this:
```perl
# auto-set the cookie domain to the portal subdomain
domain => '#PORTALDOMAIN#',
# use auth.acme.com for all apps on *.acme.com, and auth.example.com in every other case (including CDA)
portal =>
  'inDomain("acme.com") ? "http://auth.acme.com/" : "http://auth.example.com/"',
```
I have also ported some, but not all, features of LemonLDAP to be compatible with this new ability:
- OIDC Issuer
- WebAuthn/U2F
But not Auth::SSL (as of yet)
I have written some minimal unit tests, and will be conducting some in-situation testing with a user over the next months. This therefore should be considered a beta feature (which is why I haven't documented it yet).
Edited by Maxime Besson