File: authbasic.html

package info (click to toggle)
lemonldap-ng 1.9.7-3%2Bdeb9u2
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 39,024 kB
  • sloc: perl: 37,552; makefile: 922; sh: 472; sql: 5
file content (112 lines) | stat: -rw-r--r-- 6,044 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:1.9:applications:authbasic</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,applications,authbasic"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authbasic.html"/>
<link rel="contents" href="authbasic.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9:applications';var JSINFO = {"id":"documentation:1.9:applications:authbasic","namespace":"documentation:1.9:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
  <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
  <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">

<h1 class="sectionedit1" id="http_basic_authentication">HTTP Basic Authentication</h1>
<div class="level1">

<p>
<a href="http_logo.png_documentation_1.9_applications_authbasic.html" class="media" title="applications:http_logo.png"><img src="http_logo.png" class="mediacenter" alt="" /></a>
</p>

</div>
<!-- EDIT1 SECTION "HTTP Basic Authentication" [1-77] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<div class="noteimportant">For now, this feature is only supported by Apache handler.
</div>
<p>
Extract from the <a href="http://en.wikipedia.org/wiki/Basic_access_authentication" class="urlextern" title="http://en.wikipedia.org/wiki/Basic_access_authentication"  rel="nofollow">Wikipedia article</a>:
</p>

<p>
<blockquote>
In the context of an HTTP transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.
</p>

<p>
Before transmission, the username and password are encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame – which is equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings “on the fly”.
</blockquote>
</p>

<p>
So HTTP Basic Autentication is managed trough an HTTP header (<code>Authorization</code>), that can be forged by <abbr title="LemonLDAP::NG">LL::NG</abbr>, with this precautions:
</p>
<ul>
<li class="level1"><div class="li"> Data should not contains accents or special characters, as HTTP protocol only allow <abbr title="American Standard Code for Information Interchange">ASCII</abbr> values in header (but depending on the HTTP server, you can use ISO encoded values)</div>
</li>
<li class="level1"><div class="li"> You need to forward the password, which can be the user main password (if <a href="../passwordstore.html" class="wikilink1" title="documentation:1.9:passwordstore">password is stored in session</a>, or any user attribute (if you keep secondary passwords in users database).</div>
</li>
</ul>

</div>
<!-- EDIT2 SECTION "Presentation" [78-1535] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">

<p>
The Basic Authentication relies on a specific HTTP header, as described above. So you have just to declare this header for the virtual host in Manager.
</p>

<p>
For example, to forward login (<code>$uid</code>) and password (<code>$_password</code> if <a href="../passwordstore.html" class="wikilink1" title="documentation:1.9:passwordstore">password is stored in session</a>):
</p>
<pre class="code">Authorization =&gt; &quot;Basic &quot;.encode_base64(&quot;$uid:$_password&quot;, &quot;&quot;)</pre>
<div class="noteimportant">Don&#039;t forget to add an empty string as second argument of encode_base64 to avoid insert of “newline” characters
</div>
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> provides a special function named <a href="../extendedfunctions.html#basic" class="wikilink1" title="documentation:1.9:extendedfunctions">basic</a> to build this header.
</p>

<p>
So the above example can also be written like this:
</p>
<pre class="code">Authorization =&gt; basic($uid,$_password)</pre>
<div class="notetip">The <code>basic</code> function will also force conversion from UTF-8 to ISO-8859-1, which should be accepted by most of HTTP servers.
</div>
</div>
<!-- EDIT3 SECTION "Configuration" [1536-] --></div>
</body>
</html>