Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:2.1:authslave [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== Slave ======
  
 +^  Authentication ​ ^  Users  ^  Password ​ ^
 +|  ✔  |  ✔  | |
 +===== Presentation =====
 +
 +LL::NG Slave backend relies on HTTP headers to retrieve user login and/or attributes.
 +
 +  * Authentication:​ will check user login in a header and create session without prompting any credentials (but will register client IP and creation date)
 +  * Users: collect data transferred in HTTP headers by the "​master"​.
 +
 +It allows one to put LL::​NG::​portal behind another web SSO, or behind a SSL hardware to delegate SSL authentication to that hardware.
 +
 +===== Configuration =====
 +
 +In Manager, go in ''​General Parameters''​ > ''​Authentication modules''​ and choose Slave for authentication or users module.
 +
 +Then, go in ''​Slave parameters'':​
 +  * **Authentication level**: authentication level for this module.
 +  * **Header for user login**: header that contains the user main login
 +  * **Master'​s IP address**: the IP addresses of servers which are accredited to authenticate user. This is a security point, to prevent someone to create a session by sending custom headers. You can set one or several IP addresses, separated by spaces, or let this parameter empty to disable the checking.
 +  * **Control header name**: header that contains a value to control. Let this parameter empty to disable the checking.
 +  * **Control header content**: value to control. Let this parameter empty to disable the checking.
 +
 +You have then to declare HTTP headers exported by the main SSO (in **Exported Variables**). Example :
 +
 +^  Key (LL::NG name)  ^  Value (HTTP header name)  ^
 +|  uid  |  Auth-User ​ |
 +|  mail  |  User-Email ​ |
 +
 +See also [[exportedvars|exported variables configuration]].