documentation:2.1:authchoice

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:2.1:authchoice [2020/04/16 10:58] (current)
Line 1: Line 1:
 +====== Backend choice by users ======
  
 +^  Authentication  ^  Users  ^  Password  ^
 +|  ✔  |  ✔  |  ✔  |
 +
 +===== Presentation =====
 +
 +By default, only the configured authentication backend is available for users.
 +
 +Contrary to [[authmulti|multiple backend stacking]], backend choice will present all available authentication methods to users, who will choose the one they want.
 +
 +The choice will concern three backends:
 +  * Authentication
 +  * Users
 +  * Password
 +
 +The chosen backends will be registered in session:
 +  * ''$_auth''
 +  * ''$_userDB''
 +  * ''$_passwordDB''
 +
 +Authentication choice will also be registered in session:
 +  * ''$_authChoice''
 +
 +===== Configuration =====
 +
 +
 +In Manager, go in ''General Parameters'' > ''Authentication modules'' and choose Choice for authentication.
 +
 +<note important>When ''Choice'' is selected for authentication, values for Users and Password modules are also forced to ''Choice''.</note>
 +
 +Then, go in ''Choice Parameters'':
 +  * **URL parameter**: parameter name used to set choice value (default: ''lmAuth'')
 +  * **AuthBasic handler parameter**: authentication module used by AuthBasic handler
 +  * **Allowed modules**: click on ''New chain'' to add a choice.
 +
 +{{ :documentation:manager-choice.png?nolink |}}
 +
 +Define here:
 +  * **Name**: Text displayed on choice tab.
 +  * **Authentication module**
 +  * **Users module**
 +  * **Password module**
 +  * **URL**: optional, can be used to redirect on another URL (for example https://authssl.example.com). This is mandatory if you want to use an Apache authentication module, which is run by Apache before showing the LemonLDAP::NG portal page.
 +  * **Condition**: optional, can be used to evaluate an expression to display the tab. For example, to display a tab only if redirected by Handler from application ''test1.example.com'', you can set this condition:
 +<code perl>
 +$env->{urldc} =~ /test1\.example\.com/
 +</code>
 +
 +<note>
 +Authentication request to an another URL than Portal URL can lead to a persistent loop between Portal and a redirection URL (pdata is not removed because domains mismatch). To avoid this, you have to set pdata cookie domain by editing ''lemonldap-ng.ini'' in section [portal]:
 +
 +<file ini>
 +[portal]
 +pdataDomain = example.com
 +</file>
 +</note>
 +
 +<note tip>You can prefix the key name with a digit to order them. The digit will not be shown on portal page. Underscore characters are also replaced by spaces.</note>
 +
 +<note tip>You can also override some LLNG parameters for each chain. See [[parameterlist|Parameter list]] to have the key names to use</note>