The Secure Token Handler is a special Handler that create a token for each request and send it to the protected application. The real user identifier is stored in a Memcached server and the protected application can the request the Memcached server to get user identifier.
This mechanism allows one to do SSO on application with an unsafe link between Handler and the application, but with a safe link with the Memcached server.
Configure the virtual host like other protected virtual host but use Secure Token Handler instead of default Handler.
PerlModule Lemonldap::NG::Handler::Specific::SecureToken <VirtualHost *:80> ServerName secure.example.com # Load SecureToken Handler PerlHeaderParserHandler Lemonldap::NG::Handler::Specific::SecureToken ... </VirtualHost>
SecureToken parameters are the following:
lemonldap-ng.ini
and not in Manager, for example:
[handler] secureTokenMemcachedServers = 127.0.0.1:11211 secureTokenExpiration = 60 secureTokenAttribute = uid secureTokenUrls = .* secureTokenHeader = Auth-Token secureTokenAllowOnError = 1