File: soapsessionbackend.html

lemonldap-ng 1.3.3-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">




<h1><a name="soap_session_backend" id="soap_session_backend">SOAP session backend</a></h1>
<div class="level1">

<p>

The <acronym title="LemonLDAP::NG">LL::NG</acronym> portal provides <acronym title="Simple Object Access Protocol">SOAP</acronym> end points for session management:
</p>
<ul>
<li class="level1"><div class="li"> <strong>sessions/</strong>: read only access to sessions (enough for distant Handlers)</div>
</li>
<li class="level1"><div class="li"> <strong>adminSessions/</strong>: read/write access to sessions (required for distant Portal, distant Manager or distant Handlers which modify sessions)</div>
</li>
</ul>

<p>

This session backend can be used to share sessions stored in a non-network backend (like <a href="../../documentation/1.3/filesessionbackend.html" class="wikilink1" title="documentation:1.3:filesessionbackend">file session backend</a>) or in a network backend protected with a firewall that only accepts <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> flows.
</p>

<p>
Most of the time, <acronym title="Simple Object Access Protocol">SOAP</acronym> session backend is used by Handlers installed on external servers.
</p>

<p>
To configure it, set the <acronym title="Simple Object Access Protocol">SOAP</acronym> session backend through the Manager in the global configuration (used by all Handlers), and configure the real session backend for local components in lemonldap-ng.ini.
</p>

</div>
<!-- SECTION "SOAP session backend" [1-832] -->
<h2><a name="setup" id="setup">Setup</a></h2>
<div class="level2">

</div>
<!-- SECTION "Setup" [833-851] -->
<h3><a name="manager" id="manager">Manager</a></h3>
<div class="level3">

<p>

First, activate <acronym title="Simple Object Access Protocol">SOAP</acronym> in <code>General parameters</code> » <code>Advanced parameters</code> » <code><acronym title="Simple Object Access Protocol">SOAP</acronym></code>.
</p>

<p>
Then, set <code>Lemonldap::NG::Common::Apache::Session::<acronym title="Simple Object Access Protocol">SOAP</acronym></code> in <code>General parameters</code> » <code>Sessions</code> » <code>Session storage</code> » <code>Apache::Session module</code> and add the following parameters (case sensitive):

</p>
<table class="inline">
	<tr class="row0 roweven">
		<th class="col0 centeralign" colspan="3">  Required parameters  </th>
	</tr>
	<tr class="row1 rowodd">
		<th class="col0 centeralign">  Name  </th><th class="col1 centeralign">  Comment  </th><th class="col2 centeralign">  Example  </th>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 centeralign">  <strong>proxy</strong>  </td><td class="col1"> <acronym title="Uniform Resource Locator">URL</acronym> of sessions <acronym title="Simple Object Access Protocol">SOAP</acronym> end point </td><td class="col2"> http://auth.example.com/index.pl/sessions </td>
	</tr>
</table>

<p>

<p><div class="notetip">Use /adminSessions if the Handler needs to modify the session, for example if you configured an idle timeout.
</div></p>
</p>

</div>
<!-- SECTION "Manager" [852-1450] -->
<h3><a name="apache" id="apache">Apache</a></h3>
<div class="level3">

<p>

Access to the sessions <acronym title="Simple Object Access Protocol">SOAP</acronym> end points must be allowed in the Apache portal configuration (for example, access by <acronym title="Internet Protocol">IP</acronym> range):
</p>
<pre class="code file apache"><span class="co1"># SOAP functions for sessions management (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.pl/adminSessions&gt;
    <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
    <span class="kw1">Deny</span> from <span class="kw2">all</span>
    <span class="kw1">Allow</span> from 192.168.2.0/24
&lt;/<span class="kw3">Location</span>&gt;
&nbsp;
<span class="co1"># SOAP functions for sessions access (disabled by default)</span>
&lt;<span class="kw3">Location</span> /index.pl/sessions&gt;
    <span class="kw1">Order</span> <span class="kw1">deny</span>,<span class="kw1">allow</span>
    <span class="kw1">Deny</span> from <span class="kw2">all</span>
    <span class="kw1">Allow</span> from 192.168.2.0/24
&lt;/<span class="kw3">Location</span>&gt;</pre>

</div>
<!-- SECTION "Apache" [1451-1956] -->
<h3><a name="real_session_backend" id="real_session_backend">Real session backend</a></h3>
<div class="level3">

<p>

The real session backend is configured in <code>lemonldap-ng.ini</code>, in the <code>portal</code> section (the portal hosts the <acronym title="Simple Object Access Protocol">SOAP</acronym> service for sessions and links <acronym title="Simple Object Access Protocol">SOAP</acronym> requests to the real sessions).
</p>

<p>
For example, if real sessions are stored in <a href="../../documentation/1.3/filesessionbackend.html" class="wikilink1" title="documentation:1.3:filesessionbackend">files</a>:
</p>
<pre class="code file ini"><span class="re0"><span class="br0">&#91;</span>portal<span class="br0">&#93;</span></span>
<span class="re1">globalStorage</span> <span class="sy0">=</span><span class="re2"> Apache::Session::File</span>
<span class="re1">globalStorageOptions</span> <span class="sy0">=</span><span class="re2"> <span class="br0">&#123;</span> 'Directory' <span class="sy0">=</span>&gt; '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' <span class="sy0">=</span>&gt; '/var/lib/lemonldap-ng/sessions/lock/', <span class="br0">&#125;</span></span></pre>

<p>
<p><div class="notetip">If your sessions explorer is on the same server as the portal, either use the <strong>adminSessions</strong> end point in the Manager configuration, or override the <code>globalStorage</code> and <code>globalStorageOptions</code> parameters in the all section (and not portal) of <code>lemonldap-ng.ini</code>. 
</div></p>

</p>

</div>
<!-- SECTION "Real session backend" [1957-] --></div><!-- closes <div class="dokuwiki export">-->