Authentication Users Password

LL::NG is able to transfer (trough REST or SOAP) authentication credentials to another LL::NG portal, like a proxy.

SOAP support may be removed in LLNG 3.0

The difference with remote authentication is that the client will never be redirect to the main LL::NG portal. This configuration is usable if you want to expose your internal SSO portal to another network (DMZ).

In Manager, go in General Parameters > Authentication modules and choose Proxy for authentication and users.

Then, go in Proxy parameters:

  • Internal portal URL: URL of internal portal
  • Session service URL (optional): Session service URL (default: same as previous for SOAP, same with "/session/my" for REST)
  • Cookie name (optional): name of the cookie of internal portal, if different from external portal
  • Authentication level: level given to this authentication
  • Use SOAP instead of REST: use a deprecated SOAP server instead of a REST one (you must set it if internal portal version is < 2.0). In this case, "Portal URL" parameter must contains SOAP endpoint (generally for 1.9 and earlier, for 2.0)

The portal must be configured to accept REST or SOAP authentication requests if you've choose to use SOAP. See: REST server plugin or SOAP session backend (deprecated).

If you Proxy is a 2.0.x and your server is a 1.9.x, you should add this in your lemonldap-ng.ini:

soapProxyUrn = urn:Lemonldap/NG/Common/CGI/SOAPService