The Portal

The Portal is the main component of LL::NG. It provides many features:

• Authentication service of course
  • Web based for normal users:
    • using own database (LDAP, SQL, …)
    • using web server authentication system (used for SSL, Kerberos, HTTP basic authentication, …)
    • using external identity provider (SAML, OpenID, CAS, Twitter, other LL::NG system, …)
    • all together (based on user choice, rules, …)
  • SOAP based and REST based for client-server software, specific development, …
• Identity provider: LL::NG is able to provide identity service using:
  • SAML
  • OpenID Connect
  • CAS
• Identity provider proxy: LL::NG can be used as proxy translator between systems talking SAML, OpenID, CAS, …
• Internal SOAP server used by SOAP configuration backend and usable for specific development (see SOAP services for more)
• Internal REST server used by REST configuration backend and usable for specific development (see REST services for more)
• Interactive management of user passwords:
  • Password change form (in menu)
  • Self service reset (send a mail to the user with a to change the password)
  • Force password change with LDAP password policy password reset flag
• Application menu: display authorized applications in categories
• Notifications: prompt users with a message if found in the notification database
• Second factors management

Functioning

LL::NG portal is a modular component. It needs 4 modules to work:

• Authentication: how check user credentials
• User database: where collect user information
• Password database: where change password
• Identity provider: how forward user identity

Tip

Each module can be disabled using the Null backend.

Kinematics

1. Check if URL asked is valid
2. Check if user is already authenticated
   • If not authenticated (or authentication is forced), try to find (userDB module) and authenticate him (auth module), collect user data, compute groups and macros, ask for second factor if required, create a session and store it. LL::NG affords a captcha feature which can be enabled.
3. Modify password if asked (password module)
4. Provide identity if asked (IdP module)
5. Build cookie(s)
6. Redirect user to the asked URL or display dynamic menu

Note

See also general kinematics presentation.

URL parameters

Some parameters in URL can change the behavior of the portal:

• logout: Launch the logout process (for example: logout=1)
• tab: Preselect a tab (Choice or Menu) (for example: tab=password)
• llnglanguage: Force lang used to display the page (for example: llnglanguage=fr)
• setCookieLang: Update lang cookie to persist the language set with llnglanguage parameter (for example: setCookieLang=1)