The portal

The portal is the main component of LL::NG. It provides many features:

  • Authentication service of course
  • Identity provider: LL::NG is able to provide identity service using:
  • Identity provider proxy: LL::NG can be used as a proxy translator between systems talking SAML, OpenID, CAS, …
  • Internal SOAP server used by SOAP configuration backend and usable for specific development (see SOAP services for more)
  • Interactive management of user passwords:
    • Password change form (in menu)
    • Self service reset (send a mail to the user with a to change the password)
    • Force password change with LDAP password policy password reset flag
  • Application menu: display authorized applications in categories
  • Notifications: prompt users with a message if found in the notification database

Functioning

LL::NG portal is a modular component. It needs 4 modules to work:

Each module can be disabled using the Null backend.

Kinematics

  1. Check that the requested URL is valid
  2. Check whether the user is already authenticated
    • If not authenticated (or if authentication is forced), try to find the user (userDB module) and authenticate them (auth module), then create the session, calculate groups and macros, and store them
  3. Modify the password if asked
  4. Provide identity if asked
  5. Build cookie(s)
  6. Redirect the user to the requested URL or display the menu
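
The sequence above, sketched as an added example (not LL::NG code) to show why the URL check in step 1 has to run before the redirect in step 6. The host allowlist, the in-memory user and session stores, the function names and the cookie name `portal_session` are all assumptions made for illustration; steps 3 and 4 are left out.

```python
import secrets
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"app1.example.com", "auth.example.com"}  # assumed allowlist
USERS = {"dwho": {"password": "constructed-pw", "groups": ["users"]}}  # constructed data
SESSIONS = {}  # session id -> stored attributes (assumed in-memory store)

def url_is_valid(url):
    """Step 1: accept only absolute http(s) URLs whose host is allowlisted."""
    if not url:
        return True  # no URL asked: the menu is displayed in step 6
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and parts.hostname in TRUSTED_HOSTS

def find_user(login):
    """Stands in for the userDB module."""
    return USERS.get(login)

def authenticate(entry, password):
    """Stands in for the auth module; constant-time comparison."""
    return entry is not None and secrets.compare_digest(
        entry["password"].encode(), password.encode())

def portal(url=None, cookie=None, login=None, password=None, force=False):
    """Return (action, target, set_cookie) for one portal request."""
    if not url_is_valid(url):                        # step 1
        return ("error", "bad url", None)
    sid = cookie if cookie in SESSIONS else None     # step 2
    if sid is None or force:
        entry = find_user(login)
        if not authenticate(entry, password or ""):
            return ("login_form", url, None)
        SESSIONS.pop(cookie, None)                   # drop the replaced session
        sid = secrets.token_hex(32)
        SESSIONS[sid] = {"uid": login, "groups": list(entry["groups"])}
    # steps 3 and 4 (password change, identity provider) are omitted
    set_cookie = f"portal_session={sid}; Secure; HttpOnly"   # step 5
    if url:                                          # step 6
        return ("redirect", url, set_cookie)
    return ("menu", None, set_cookie)
```

Because the URL is rejected before any authentication happens, a crafted link cannot use a valid login to bounce the user to an untrusted host.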