1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:1.9:portal</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,portal"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="portal.html"/>
<link rel="contents" href="portal.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9';var JSINFO = {"id":"documentation:1.9:portal","namespace":"documentation:1.9"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<h1 class="sectionedit1" id="the_portal">The portal</h1>
<div class="level1">
<p>
The portal is the main component of <abbr title="LemonLDAP::NG">LL::NG</abbr>. It provides many features:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication service</strong> of course</div>
<ul>
<li class="level2"><div class="li"> Web based for normal users:</div>
<ul>
<li class="level3"><div class="li"> using own database (<a href="authldap.html" class="wikilink1" title="documentation:1.9:authldap">LDAP</a>, <a href="authdbi.html" class="wikilink1" title="documentation:1.9:authdbi">SQL</a>, …)</div>
</li>
<li class="level3"><div class="li"> using Apache authentication system (used for <a href="authssl.html" class="wikilink1" title="documentation:1.9:authssl">SSL</a>, <a href="authapache.html" class="wikilink1" title="documentation:1.9:authapache">Kerberos</a>, <a href="authapache.html" class="wikilink1" title="documentation:1.9:authapache">HTTP basic authentication</a>, …)</div>
</li>
<li class="level3"><div class="li"> using external identity provider (<a href="authsaml.html" class="wikilink1" title="documentation:1.9:authsaml">SAML</a>, <a href="authopenid.html" class="wikilink1" title="documentation:1.9:authopenid">OpenID</a>, <a href="authcas.html" class="wikilink1" title="documentation:1.9:authcas">CAS</a>, <a href="authtwitter.html" class="wikilink1" title="documentation:1.9:authtwitter">Twitter</a>, other <abbr title="LemonLDAP::NG">LL::NG</abbr> system, …)</div>
</li>
<li class="level3"><div class="li"> all together (based on user <a href="authchoice.html" class="wikilink1" title="documentation:1.9:authchoice">choice</a>, <a href="authmulti.html" class="wikilink1" title="documentation:1.9:authmulti">rules</a>, …)</div>
</li>
</ul>
</li>
<li class="level2"><div class="li"> <a href="soapservices.html" class="wikilink1" title="documentation:1.9:soapservices">SOAP based</a> for client-server software, specific development, …</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong>Identity provider</strong>: <abbr title="LemonLDAP::NG">LL::NG</abbr> is able to provide identity service using:</div>
<ul>
<li class="level2"><div class="li"> <a href="idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml">SAML</a></div>
</li>
<li class="level2"><div class="li"> <a href="idpopenid.html" class="wikilink1" title="documentation:1.9:idpopenid">OpenID</a></div>
</li>
<li class="level2"><div class="li"> <a href="idpcas.html" class="wikilink1" title="documentation:1.9:idpcas">CAS</a></div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong><a href="federationproxy.html" class="wikilink1" title="documentation:1.9:federationproxy">Identity provider proxy</a></strong>: <abbr title="LemonLDAP::NG">LL::NG</abbr> can be used as proxy translator between systems talking <abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID, <abbr title="Central Authentication Service">CAS</abbr>, …</div>
</li>
<li class="level1"><div class="li"> <strong>Internal SOAP server</strong> used by <a href="soapconfbackend.html" class="wikilink1" title="documentation:1.9:soapconfbackend">SOAP configuration backend</a> and usable for specific development (see <a href="soapservices.html" class="wikilink1" title="documentation:1.9:soapservices">SOAP services</a> for more)</div>
</li>
<li class="level1"><div class="li"> Interactive <strong>management of user passwords</strong>:</div>
<ul>
<li class="level2"><div class="li"> Password change form (in menu)</div>
</li>
<li class="level2"><div class="li"> Self service reset (send a mail to the user with a to change the password)</div>
</li>
<li class="level2"><div class="li"> Force password change with LDAP password policy password reset flag</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> <strong><a href="portalmenu.html" class="wikilink1" title="documentation:1.9:portalmenu">Application menu</a></strong>: display authorized applications in categories</div>
</li>
<li class="level1"><div class="li"> <strong><a href="notifications.html" class="wikilink1" title="documentation:1.9:notifications">Notifications</a></strong>: prompt users with a message if found in the notification database</div>
</li>
</ul>
</div>
<!-- EDIT1 SECTION "The portal" [1-1598] -->
<h2 class="sectionedit2" id="functioning">Functioning</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> portal is a modular component. It needs 4 modules to work:
</p>
<ul>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:1.9:start">Authentication</a>: how check user credentials</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:1.9:start">User database</a>: where collect user information</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#authentication_users_and_password_databases" class="wikilink1" title="documentation:1.9:start">Password database</a>: where change password</div>
</li>
<li class="level1"><div class="li"> <a href="start.html#identity_provider" class="wikilink1" title="documentation:1.9:start">Identity provider</a>: how forward user identity</div>
</li>
</ul>
<div class="notetip">Each module can be disabled using the <code>Null</code> backend.
</div>
</div>
<!-- EDIT2 SECTION "Functioning" [1599-2145] -->
<h2 class="sectionedit3" id="kinematics">Kinematics</h2>
<div class="level2">
<ol>
<li class="level1"><div class="li"> Check if <abbr title="Uniform Resource Locator">URL</abbr> asked is valid</div>
</li>
<li class="level1"><div class="li"> Check if user is already authenticated</div>
<ul>
<li class="level2"><div class="li"> If not authenticated (or authentication is forced) try to find it (userDB module) and to authenticate it (auth module), create session, calculate groups and macros and store them. In 1.3, <abbr title="LemonLDAP::NG">LL::NG</abbr> have a captcha feature which is used in this case.</div>
</li>
</ul>
</li>
<li class="level1"><div class="li"> Modify password if asked</div>
</li>
<li class="level1"><div class="li"> Provides identity if asked</div>
</li>
<li class="level1"><div class="li"> Build <a href="ssocookie.html" class="wikilink1" title="documentation:1.9:ssocookie">cookie(s)</a></div>
</li>
<li class="level1"><div class="li"> Redirect user to the asked <abbr title="Uniform Resource Locator">URL</abbr> or display menu</div>
</li>
</ol>
<div class="noteclassic">See also <a href="documentation/presentation.html#kinematics" class="wikilink1" title="documentation:presentation">general kinematics presentation</a>.
</div>
</div>
<!-- EDIT3 SECTION "Kinematics" [2146-] --></div>
</body>
</html>
|
