LL::NG is able to send (through REST or SOAP) authentication credentials to another LL::NG portal, like a proxy.

The difference with remote authentication is that the client will never be redirect to the main LL::NG portal. This configuration is useful if you want to expose your internal SSO portal to another network (DMZ).


External portal

In Manager, go in General Parameters > Authentication modules and choose Proxy for authentication and users.

Then, go in Proxy parameters:

  • Authentication level: authentication level for Proxy module

  • Use SOAP instead of REST: use a deprecated SOAP server instead of a REST one (you must set it if internal portal version is < 2.0). In this case, “Portal URL” parameter must contain SOAP endpoint (generally for 1.9 and earlier, for 2.0)

  • URL: URL of internal portal

  • Session service URL (optional): session service URL (default: same as previous for SOAP, same with “/session/my” for REST)

  • Choice parameter (optional): choice parameter of the internal portal if applicable

  • Choice value (optional): value of the choice parameter of the internal portal

  • Cookie name (optional): internal portal cookie name, if different from external portal

  • Impersonation (optional) : can be enabled if the internal portal provides impersonation


If the internal portal uses Choice Authentication, you have to specify ‘Internal portal choice parameter’ and ‘Internal portal choice value’ depending on its configuration. This feature needs at least LL::NG version 2.0.14.

Internal portal

The portal must be configured to accept REST or SOAP authentication requests. See: REST server plugin or SOAP session backend (deprecated).

SOAP compatibility with 1.9 server

If your Proxy is a 2.0.x and your server is a 1.9.x, you should add this in your lemonldap-ng.ini:

soapProxyUrn = urn:Lemonldap/NG/Common/CGI/SOAPService


This feature needs at least LL::NG version 2.0.8