Get parameters Provider¶
Presentation¶
For application not managing other provider protocols (CAS, OpenID Connect, SAML,…) it is possible to configure LL::NG as a provider of GET parameters:
An application can call LL::NG portal with a redirection url, such as
http://auth.example.com/get/login?url=base64(application_url)
When computing redirection, LL::NG portal will transmit any GET parameter you have configured for this application. (session id for example)
Danger
Passing such sensitive information can be dangerous. Using other well-known secured protocols is recommended.
There is also the possibility to trigger a logout action by passing the
return url , such as
http://auth.example.com/get/logout?url=base64(return_url)
Configuration¶
In the Manager, go in General Parameters
» Issuer modules
»
GET
and configure:
Activation: set to
On
.Path: keep
^/get/
unless you have change Apache portal configuration file.Use rule: a rule to allow user to use this module, set to 1 to always allow.
Tip
For example, to allow only users with a strong authentication level:
$authenticationLevel > 2
Then go in Get parameters
to define variables to transmit:
Define a new virtual host
Declare all get parameters you need. You have access to any variable or macro (but no perl expression).
For example:
"test1.example.com" => {
"id" => "_session_id",
}
Danger
In the previous example, _session_id is quite sensitive, thus it is encouraged that the application revalidate _session_id using getCookie() SOAP call to avoid some security problems
Tip
If host is not already registered in virtual hosts, you need to declare it in trusted domains to allow redirection