Commit bf488752 authored by Xavier Guimard's avatar Xavier Guimard

Documentation update

parent 9d1f39b2
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" />
<title>Lemonldap::NG documentation:
4.5-Proxy-authentication-module.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
background: #ddd;
font-family: sans-serif;
font-size: 11pt;
padding: 0 50px;
}
div.main-content{
padding: 10px;
background: #fff;
border: 2px #ccc solid;
}
a{
text-decoration: none;
}
p.footer{
text-align: center;
margin: 5px 0 0 0;
}
.heading-1{
text-align: center;
color: orange;
font-variant: small-caps;
font-size: 20pt;
}
.heading-1-1{
color: orange;
font-size: 14pt;
border-bottom: 2px #ccc solid;
}
pre{
background: #eee;
border: 2px #ccc solid;
padding: 5px;
border-left: 10px #ccc solid;
}
ul.star li{
list-style-type: square;
}
/*]]>*/
</style>
</head>
<body>
<div class="main-content">
Since version 0.9.5, Lemonldap::NG is able to transfer authentication
credentials to another Lemonldap::NG portal (reverse-proxy).
<p class="paragraph"></p>The difference with <span class=
"wikilink"><a href="4.5-Remote-authentication-backend.html">Remote
authentication module</a></span> is that the client will never be redirect
to the main Lemonldap::NG portal. This configuration is usable if you want
to expose your internal SSO to another network (DMZ).
<h3 class="heading-1-1"><span id=
"HConfiguration">Configuration</span></h3>
<h4 class="heading-1-1-1"><span id="HExternalportal">External
portal</span></h4>
<p class="paragraph"></p>You just have to set both authentication and
userDB to "Proxy" and to set the internal SOAP service address:
<p class="paragraph"></p>
<div class="code">
<pre>
authentication =&gt; 'Proxy',
userDB =&gt; 'Proxy',
soapAuthService =&gt; 'https://auth.internal.network/',
# If cookie names deffer, set it here:
#remoteCookieName =&gt; 'lemonldap',
# If SOAP session service is not ${soapAuthService}index.pl/sessions, set it here:
#soapSessionService =&gt; 'https://auth2.internal.network/index.pl/sessions',
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HInternalportal">Internal
portal</span></h4><br />
<br />
The portal must be configured to accept SOAP authentication requests
:<br />
<br />
<div class="code">
<pre>
Soap =&gt; 1,
</pre>
</div><br />
<br />
Don't forget to accept SOAP session request in your apache.conf file
:<br />
<br />
<div class="code">
<pre>
&lt;Directory /<span class=
"java-keyword">var</span>/lib/lemonldap-ng/portal/index.pl/sessions&gt;
Order deny,allow
Deny from all
Allow from my.external.portal
&lt;/Directory&gt;
</pre>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</div>
</body>
</html>
......@@ -153,8 +153,11 @@
<h3 class="heading-1-1"><span id=
"HVersion1028plannedfordecember200929">Version 1.0 (planned for december
2009)</span></h3><img src="warning_triangle.png" alt=
"warning_triangle.png" /> Monitoring scripts (MRTG, Cacti, Nagios)<br />
2009)</span></h3><img src="ok.png" alt="ok.png" /> Proxy authentication
module (<span class="wikilink"><a href=
"/xwiki/bin/view/NG/AuthProxy">learn more</a></span>)<br />
<img src="warning_triangle.png" alt="warning_triangle.png" /> Monitoring
scripts (MRTG, Cacti, Nagios)<br />
<img src="warning_triangle.png" alt="warning_triangle.png" /> Handler POST
functionnalities, to fill authentication forms with login/password<br />
<img src="error.png" alt="error.png" /> Portal and Manager trigger system,
......
......@@ -78,6 +78,7 @@
<li><a href="4.5-LDAP-authentication-backend.html">4.5 LDAP authentication backend</a></li>
<li><a href="4.5-Liberty-Alliance-authentication-backend-fr.html">4.5 Liberty Alliance authentication backend (FR)</a></li>
<li><a href="4.5-Multiple-authentication-backend.html">4.5 Multiple authentication backend</a></li>
<li><a href="4.5-Proxy-authentication-module.html">4.5 Proxy authentication module</a></li>
<li><a href="4.5-Remote-authentication-backend.html">4.5 Remote authentication backend</a></li>
<li><a href="4.5-SAML-authentication-backend.html">4.5 SAML authentication backend</a></li>
<li><a href="4.5-SSL-authentication-backend.html">4.5 SSL authentication backend</a></li>
......
......@@ -44,6 +44,7 @@ my $docs = {
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/CAS' => '4.5-CAS-authentication-backend.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/AuthRemote' => '4.5-Remote-authentication-backend.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/AuthMulti' => '4.5-Multiple-authentication-backend.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/AuthProxy' => '4.5-Proxy-authentication-module.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/AuthSAML' => '4.5-SAML-authentication-backend.html',
'http://wiki.lemonldap.ow2.org/xwiki/bin/view/NG/DocLA?language=fr' => '4.5-Liberty-Alliance-authentication-backend-fr.html',
# User backends
......
......@@ -38,6 +38,10 @@ __END__
Lemonldap::NG::Portal::AuthProxy - Authentication module for Lemonldap::NG
that delegates authentication to a remote Lemonldap::NG portal.
The difference with Remote authentication module is that the client will never
be redirect to the main Lemonldap::NG portal. This configuration is usable if
you want to expose your internal SSO to another network (DMZ).
=head1 SYNOPSIS
use Lemonldap::NG::Portal::SharedConf;
......@@ -46,14 +50,14 @@ that delegates authentication to a remote Lemonldap::NG portal.
# REQUIRED PARAMETERS
authentication => 'Proxy',
userDB => 'Proxy',
soapAuthService => 'https://remote.lemonldap-ng.com/',
soapAuthService => 'https://auth.internal.network/',
# OTHER PARAMETERS
# remoteCookieName (default: same name)
remoteCookieName => 'lemonldap',
# soapSessionService (default ${soapAuthService}index.pl/sessions)
soapSessionService =>
'https://remote.lemonldap-ng.com/index.pl/sessions',
'https://auth2.internal.network/index.pl/sessions',
);
=head1 DESCRIPTION
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment