documentation:2.1:authrest

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:2.1:authrest [2019/09/04 18:51] (current)
Line 1: Line 1:
 +====== REST ======
  
 +^  Authentication  ^  Users  ^  Password  ^
 +|  ✔  |  ✔  |  ✔  |
 +
 +===== Presentation =====
 +
 +This backend can be used to delegate authentication to some webservices.
 +
 +===== Configuration =====
 +
 +In Manager, go in ''General Parameters'' > ''Authentication modules'' and choose REST for authentication, users and/or password modules.
 +
 +Then, go in ''REST parameters'' and you just have to set REST URL to provide wanted services:
 +^  Module  ^  Parameter  ^
 +|  Authentication level  |  Authentication level for this module  |
 +|  Authentication  |  Authentication URL  |
 +|  User database  |  User data URL  |
 +|  Password confirmation  |  Password confirmation URL  |
 +|  Password change  |  Password change URL  |
 +
 +<note tip>You can then choose any other module for users and password.</note>
 +
 +===== REST Dialog =====
 +
 +LemonLDAP::NG will call the endpoints you declared at various steps during the login process.
 +
 +The request performed by LemonLDAP::NG is a POST on the URL you specified, the content of the POST is a JSON document (''Content-Type: application/json'').
 +
 +REST web services must respond with a success HTTP code (200), and the response must be a JSON document containing a ''result'' key.  Auth/UserDB endpoints can add an ''info'' array that will be stored in session data (without reading "Exported variables").
 +
 +^  URL  ^  Query  ^  Response  ^
 +|  Authentication URL  | ''{"user":$user,"password":$password}'' | ''{"result":true/false,"info":{...}}'' |
 +|  User data URL  | ''{"user":$user}'' | ''{"result":true/false,"info":{"uid":"dwho",...}}'' |
 +|  Password confirmation URL  | ''{"user":$user,"password":$password}'' | ''{"result":true/false}'' |
 +|  Password change URL  | ''{"user":$user,"password":$password}'' | ''{"result":true/false}'' |
 +
 +<note tip>To have only one REST call during the login process, you can set REST only as an Authentication backend, configure Null as your User Database, and make sure the REST authentication URL send all your user attributes in the ''info'' response key </note>