Commit 167f85dd authored by Xavier Guimard's avatar Xavier Guimard

Documentation update

parent c36344d6
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />
<title>Lemonldap::NG documentation: 4.5-Chain-portals.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HChainingLemonpdap3A3ANGportals">Chaining
Lemonpdap::NG portals</span></h2>
<p class="paragraph"></p>Since version 0.9.4, Lemonldap::NG is able to
delegate authentication to a remote portal. This can be use to share
authentication without sharing session database to some handlers.
<p class="paragraph"></p>
<ul>
<li>
<a href="#HPrinciple">Principle</a>
<ul>
<li><a href="#Hkinematic">kinematic</a></li>
</ul>
</li>
<li>
<a href="#HConfiguration">Configuration</a>
<ul>
<li><a href="#HMainLemonldap3A3ANGstructure">Main Lemonldap::NG
structure</a></li>
<li><a href="#HSecondaryLemonldap3A3ANGstructure">Secondary
Lemonldap::NG structure</a></li>
</ul>
</li>
<li><a href="#HExample3Ainteroperabilitybetween2organizations">Example :
interoperability between 2 organizations</a></li>
</ul>
<h3 class="heading-1-1"><span id="HPrinciple">Principle</span></h3>
<ul class="star">
<li>The main portal is configured to use CDA (cross-domain
authentication: set just "CDA =&gt; 1" in the portal). The secondary
portal is declared in the manager of the main Lemonldap::NG structure
(else user will be rejected).</li>
<li>The portal of the secondary Lemonldap::NG structure is configured to
delegate authentication to a remote portal. A request to the main
session database is done to be sure that the session exists&nbsp;:</li>
<li>If "exportedAttr" is set, only those attributes are copied in the
session database of the secondary Lemonldap::NG structure. Else, all
datas are copied in the session database.</li>
</ul>
<h4 class="heading-1-1-1"><span id="Hkinematic">kinematic</span></h4>
<p class="paragraph"></p><img src="remote-principle.png" alt=
"remote-principle.png" />
<ol>
<li>User tries to access to an application in the secondary
Lemonldap::NG structure without having a session in this area</li>
<li>Redirection to the portal of the secondary area (transparent)</li>
<li>Redirection to the portal of the main area and normal authentication
(if not done before)</li>
<li>Redirection to the portal of the secondary area (transparent)</li>
<li>Secondary portal check if remote session is available. It can be
done via direct access to the session database or using <span class=
"wikilink"><a href="4.3-Configure-SOAP-fr.html">SOAP access</a></span>.
Then it creates the session (with attribute filter)</li>
<li>User can now access to the protected application</li>
</ol>Note that if the user is already authenticated on the first portal,
all redirections are transparents.
<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3>
<h4 class="heading-1-1-1"><span id="HMainLemonldap3A3ANGstructure">Main
Lemonldap::NG structure</span></h4>
<ul class="star">
<li>Portal : set "CDA =&gt; 1",</li>
<li>Manager : declare the secondary portal in protected sites.</li>
</ul>
<h4 class="heading-1-1-1"><span id=
"HSecondaryLemonldap3A3ANGstructure">Secondary Lemonldap::NG
structure</span></h4>
<p class="paragraph"></p>Configure the portal to use the remote
Lemonldap::NG structure. Example
<div class="code">
<pre>
my $p = Lemonldap::NG::Portal-&gt;<span class="java-keyword">new</span>( {
authentication =&gt; 'Remote',
userDB =&gt; 'Remote',
remotePortal =&gt; 'https://remote/',
remoteGlobalStorage =&gt; 'Lemonldap::NG::Common::Apache::Session::SOAP',
remoteGlobalStorageOptions =&gt; {
proxy =&gt; 'https://remote/index.pl/sessions',
ns =&gt; 'https://remote/Lemonldap/NG/Common/CGI/SOAPService',
},
# Optional: restrict exported attributes in the secondary area
exportedAttr =&gt; 'uid cn mail',
... as usual ...
});
</pre>
</div>
<h3 class="heading-1-1"><span id=
"HExample3Ainteroperabilitybetween2organizations">Example :
interoperability between 2 organizations</span></h3>
<p class="paragraph"></p>Using this, we can do a very simple
interoperability system between 2 organizations using both Lemonldap::NG :
<ul class="star">
<li>each area has 2 portals :
<ul class="star">
<li>1 normal</li>
<li>1 type Remote that delegates authentication to the second
organization (just an other file on the same server)</li>
</ul>
</li>
<li>The normal portal has a link included in the authentication form
pointing to the remote portal for the users of the other
organization</li>
</ul>So on each main portal, internal users can access normaly, and users
issued from the other organization have just to click on the link&nbsp;:
<p class="paragraph"></p><img src="remote-interoperability.png" alt=
"remote-interoperability.png" />
<ol>
<li>1 user try to access to the portal</li>
<li>external users click to be redirected to the remote type portal</li>
<li>after redirection, normal authentication in the remote portal</li>
<li>redirection to the remote type portal</li>
<li>validation of the session : external user have now a local
session</li>
</ol>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>
......@@ -110,6 +110,9 @@
<h3 class="heading-1-1"><span id="HVersion1028200929">Version 1.0
(2009)</span></h3><img src="ok.png" alt="ok.png" /> Notification
system<br />
<img src="ok.png" alt="ok.png" /> Chaining portals system (<span class=
"wikilink"><a href="/xwiki/bin/view/NG/AuthRemote">learn
more</a></span>)<br />
<img src="warning_triangle.png" alt="warning_triangle.png" /> Date and
time parameters in access rules<br />
<img src="warning_triangle.png" alt="warning_triangle.png" /> Monitoring
......
......@@ -72,6 +72,7 @@
<li><a href="4.3-Configure-Liberty-Alliance-fr.html">4.3 Configure Liberty Alliance (FR)</a></li>
<li><a href="4.3-Configure-SOAP-fr.html">4.3 Configure SOAP (FR)</a></li>
<li><a href="4.4-Configure-and-use-notification-system.html">4.4 Configure and use notification system</a></li>
<li><a href="4.5-Chain-portals.html">4.5 Chain portals</a></li>
<li><a href="5-Appli-Dokuwiki.html">5 Appli Dokuwiki</a></li>
<li><a href="5-Appli-HTTP-Basic-Authentication.html">5 Appli HTTP Basic Authentication</a></li>
<li><a href="5-Appli-Sympa.html">5 Appli Sympa</a></li>
......
......@@ -28,6 +28,7 @@ my $docs = {
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocSOAP?language=fr' => '4.3-Configure-SOAP-fr.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocLA?language=fr' => '4.3-Configure-Liberty-Alliance-fr.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Notifications' => '4.4-Configure-and-use-notification-system.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/AuthRemote' => '4.5-Chain-portals.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocAppSympa' => '5-Appli-Sympa.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocAppTomcatValve' => '5-Appli-Tomcat-Valve.html',
'http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocAppDokuwiki' => '5-Appli-Dokuwiki.html',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment