SSO with public/auth Website
Hi,
1 - Needs
I have one Website with an user auth in the webpage. I want to have a websso for the Website and to keep the login/password in the webpage. I don't want to:
- be redirected on the portal to enter login/password
- have a directory or an new URL for protect content (i don't want to modify my stats system)
However, i can do some modifications :
- I can post login and password on the portal
- I can read HTTP Header (of course. otherwise i don't use lemonldap-ng)
2 - How to do it ?
For me, there is maybe a not very complex solution. It would be great to have a keyword like 'allownosession' (we have 'accept', ...) to configure an Handler. With the option 'allownosession', lemonldap-ng let the user go through. 2 cases :
- A wrong lemoncookie or no lemoncookie : handler delete HTTP Header (if the client want to forge it. For the security)
- A good cookie : handler add HTTP Headers.
Best regards,