documentation:1.3:applications:sympa

Sympa

Sympa is a mailing list manager.

There are two ways to configure SSO with Sympa:

  • Auto login: a special LL::NG Handler will generate Sympa cookie (for Sympa 5 only !)
  • Magic authentication: a special SSO URL is protected by LL::NG, Sympa will display a button for users who wants to use this feature.
How to choose? Here are some advices:
  • Auto login is very secure for Sympa 5, as Sympa cookie is only exchanged between LL::NG Handler and Sympa (user cannot see it)
  • Magic authentication allows to mix standard Sympa authentication and SSO

Choose one of the following method:

Sympa virtual host in Apache

Configure Sympa virtual host like other protected virtual host but use Sympa Handler instead of default Handler.

<VirtualHost *:80>
       ServerName sympa.example.com
 
       # Load Sympa Handler
       PerlRequire __HANDLERDIR__/MyHandlerSympa.pm
       PerlHeaderParserHandler My::Sympa
 
       ...
 
</VirtualHost>

Sympa virtual host in Manager

Go to the Manager and create a new virtual host for Sympa.

Just configure the access rules.

Sympa Handler parameters

Go in Manager, Default parameters » Advanced parameters » Special handlers » Sympa, and edit the different keys:

  • Shared key: correspond to the cookie parameter of sympa.conf
  • Mail session key: session field where to find user mail (by default: mail)

Sympa configuration

Edit the file "auth.conf", for example:

vi /etc/sympa/auth.conf

And fill it:

generic_sso
        service_name                   Centralized auth service
        service_id                          lemonldapng
        email_http_header            HTTP_MAIL
        netid_http_header             HTTP_AUTH_USER
        internal_email_by_netid    1
        logout_url                          http://sympa.example.com/wws/logout
You can also disable internal Sympa authentication to keep only LemonLDAP::NG by removing user_table paragraph

Note that if you use FastCGI, you must restart Apache to enable changes.

You can also use <portal>?logout=1 as logout_url to remove LemonLDAP::NG session when "disconnect" is chosen.

Sympa virtual host in Apache

Configure Sympa virtual host like other protected virtual host but protect only magic authentication URL.

<VirtualHost *:80>
       ServerName sympa.example.com
 
       <Location /wws/sso_login/lemonldapng>
       PerlHeaderParserHandler My::Package
       </Location>
 
       ...
 
</VirtualHost>
The location URL end is based on the service_id defined in Sympa apache configuration.

Sympa virtual host in Manager

Go to the Manager and create a new virtual host for Sympa.

Configure the access rules and define the following headers:

  • Auth-User
  • Mail