<divclass="noteimportant">This function is not compliant with <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">Safe jail</a>, you will need to disable the jail to use it.
<divclass="notetip">Since version 2.0, this function is now compliant with <ahref="safejail.html"class="wikilink1"title="documentation:2.0:safejail">Safe jail</a>.
</div>
<p>
This function uses the secret key of LLNG configuration to crypt a data. This can be used to anonymize identifier given to the protected application.
...
...
@@ -370,6 +371,16 @@ This function uses the secret key of LLNG configuration to crypt a data. This ca
<preclass="code">encrypt($_whatToTrace)</pre>
</div>
<!-- EDIT12 SECTION "encrypt" [5754-] --></div>
<!-- EDIT12 SECTION "encrypt" [5754-6059] -->
<h3class="sectionedit13"id="token">token</h3>
<divclass="level3">
<p>
This function generates token used to <ahref="servertoserver.html"class="wikilink1"title="documentation:2.0:servertoserver">handle server webservice calls</a>.
<divclass="notetip">You need <ahref="http://fedoraproject.org/wiki/EPEL/"class="urlextern"title="http://fedoraproject.org/wiki/EPEL/"rel="nofollow">EPEL</a> repository. See how you can activate this repository: <ahref="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse"class="urlextern"title="http://fedoraproject.org/wiki/EPEL/FAQ#howtouse"rel="nofollow">http://fedoraproject.org/wiki/EPEL/FAQ#howtouse</a>
</div>
...
...
@@ -304,6 +306,6 @@ For Nginx:
<divclass="noteimportant">As you need a recent version of Nginx, the best is to install <ahref="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages"class="urlextern"title="https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages"rel="nofollow">Nginx official packages</a>.
@@ -142,10 +142,19 @@ Then, set <code>Lemonldap::NG::Common::Apache::Session::REST</code> in <code>Gen
<trclass="row2 roweven">
<tdclass="col0 centeralign"><strong>baseUrl</strong></td><tdclass="col1"><abbrtitle="Uniform Resource Locator">URL</abbr> of sessions REST end point </td><tdclass="col2"> http://auth.example.com/sessions/global </td>
<tdclass="col0 centeralign"><strong>user</strong></td><tdclass="col1"> Username to use for auth basic mechanism </td><tdclass="col2 leftalign"></td>
</tr>
<trclass="row5 rowodd">
<tdclass="col0 centeralign"><strong>password</strong></td><tdclass="col1"> Password to use for auth basic mechanism </td><tdclass="col2 leftalign"></td>
</tr>
</table></div>
<!-- EDIT4 TABLE [1758-1917] -->
<!-- EDIT4 TABLE [1758-2073] -->
</div>
<!-- EDIT3 SECTION "Manager" [1410-1918] -->
<!-- EDIT3 SECTION "Manager" [1410-2074] -->
<h3class="sectionedit5"id="apache">Apache</h3>
<divclass="level3">
...
...
@@ -158,7 +167,7 @@ Sessions REST end points access must be allowed in Apache portal configuration (
@@ -175,6 +184,6 @@ For example, if real sessions are stored in <a href="filesessionbackend.html" cl
<divclass="notetip">Session explorer and “single session” features can't be used using this backend. Session explorer and portal must be launched with real backend.
Webapp1 can read this header and use it in its requests in the <code>X-Llng-Token</code> header. The token is build using the session ID and the list of authorized virtualhosts. The token is available only 30 and only the listed virtualhosts.
Webapp1 can read this header and use it in its requests in the <code>X-Llng-Token</code> header. The token is build using the session ID and the list of authorized virtualhosts. The token is available only 30 seconds and only the listed virtualhosts.
Change handler type to “ServiceToken”. So it is able to manage both user and server connections. And that's all !
</p>
<divclass="noteimportant">If you use “Server” platform (Nginx), don't forget to give the <code>X-Llng-Token</code> header to the FastCGI handler (formatted as <code>HTTP_X_LLNG_TOKEN</code>).
<divclass="notetip">This mechanism can be used to secure access for remote servers that cross an unsecured network to access to <abbrtitle="LemonLDAP::NG">LL::NG</abbr> databases.
</div>
<p>
Since version 2.0, same services are available by REST.
</p>
</div>
<!-- EDIT1 SECTION "Configure LemonLDAP::NG to use SOAP proxy mechanism" [1-383] -->
<!-- EDIT1 SECTION "Configure LemonLDAP::NG to use SOAP proxy mechanism" [1-439] -->
<h2class="sectionedit2"id="use_soap_for_lemonldapng_configuration">Use SOAP for Lemonldap::NG configuration</h2>
<divclass="level2">
...
...
@@ -70,7 +74,7 @@ Steps:
</ul>
</div>
<!-- EDIT2 SECTION "Use SOAP for Lemonldap::NG configuration" [384-649] -->
<!-- EDIT2 SECTION "Use SOAP for Lemonldap::NG configuration" [440-705] -->
<h2class="sectionedit3"id="use_soap_for_lemonldapng_sessions">Use SOAP for Lemonldap::NG sessions</h2>
<divclass="level2">
...
...
@@ -85,6 +89,6 @@ Steps:
</ul>
</div>
<!-- EDIT3 SECTION "Use SOAP for Lemonldap::NG sessions" [650-] --></div>
<!-- EDIT3 SECTION "Use SOAP for Lemonldap::NG sessions" [706-] --></div>
@@ -92,10 +92,12 @@ In the manager (advanced parameters), you just have to enable it:
</li>
<liclass="level1"><divclass="li"> U2F ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <ahref="http://auth.your.domain/u2fregister"class="urlextern"title="http://auth.your.domain/u2fregister"rel="nofollow">http://auth.your.domain/u2fregister</a>)</em></div>
</li>
<liclass="level1"><divclass="li"> U2F ⇒ Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em></div>
<liclass="level1"><divclass="li"><ahref="#rules_and_headers">Rules and headers</a></div></li>
...
...
@@ -80,15 +81,26 @@
<liclass="level1"><divclass="li"><strong>“Multi” doesn't exist anymore</strong>: it is replaced by the more powerful <ahref="authcombination.html"class="wikilink1"title="documentation:2.0:authcombination">Combination</a></div>
</li>
</ul>
<divclass="notewarning">Apache-ModPerl is no longer usable since version 2.4 <em>(many segfaults,…)</em>. LLNG doesn't use anymore ModPerl::Registry: all is now handle by FastCGI <em>(portal and manager)</em>.
<divclass="noteimportant">Apache-ModPerl is no longer usable since version 2.4 <em>(many segfaults,…)</em>, especially when using mpm-worker. That's why LLNG doesn't use anymore ModPerl::Registry: all is now handle by FastCGI <em>(portal and manager)</em>.
<p>
<strong>For handlers, it is now recommended to migrate to Nginx</strong>, but Apache-2 is still supported
<strong>For handlers, it is now recommended to migrate to Nginx</strong>, but Apache-2.X is still supported
<liclass="level1"><divclass="li"><strong>Syslog</strong>: logs are now configured only in <code>lemonldap-ng.ini</code> file. If you use Syslog, you must reconfigure it. See <ahref="logs.html"class="wikilink1"title="documentation:2.0:logs">logs</a> for more.</div>
</li>
<liclass="level1"><divclass="li"><strong>Apache2</strong>: Portal doesn't use anymore Apache2 logger. Logs continue to be written to Apache error.log but Apache “LogLevel” parameter has no effet on it: portal is now a FastCGI application and doesn't use anymore ModPerl. See <ahref="logs.html"class="wikilink1"title="documentation:2.0:logs">logs</a> for more.</div>
<h2class="sectionedit5"id="rules_and_headers">Rules and headers</h2>
<!-- EDIT5 SECTION "Handlers" [1854-2202] -->
<h2class="sectionedit6"id="rules_and_headers">Rules and headers</h2>
<divclass="level2">
<ul>
<liclass="level1"><divclass="li"> pseudo variable <code>$ip</code> is replaced by <code><ahref="extendedfunctions.html#request_information"class="wikilink1"title="documentation:2.0:extendedfunctions">remote_ip()</a></code> function in <ahref="writingrulesand_headers.html"class="wikilink1"title="documentation:2.0:writingrulesand_headers">rules and headers</a>. Note that session variable <code>$ipAddr</code><em>(remote address seen by portal)</em> is still available</div>
