This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:2.1:authssl [2019/07/04 22:42]
cmaudoux [SSL by Ajax]
documentation:2.1:authssl [2019/08/16 11:46] (current)
cmaudoux [SSL by Ajax]
Line 264: Line 264:
 </​note>​ </​note>​
 <​note>​ <​note>​
-With federated identities, redirections ​can be skipped by SSL AJAX request because ​pdata cookie ​is not sent (domain does not match with AJAX destination). To avoid this, you can set pdata cookie domain by editing ''​lemonldap-ng.ini''​ in section [portal]:+Ajax authentication request ​can be sent to an another URL than Portal URL. 
 +To avoid a persistent loop between Portal and a redirection URL (pdata is not removed because domains mismatch), you have to set pdata cookie domain by editing ''​lemonldap-ng.ini''​ in section [portal]:
 <file ini> <file ini>
Line 270: Line 272:
 pdataDomain = example.com pdataDomain = example.com
 </​file>​ </​file>​
 +To avoid a bad/expired token during session upgrading (Reauthentication) if URLs are served by different load balancers, you can force Upgrade tokens be stored into Global Storage by editing ''​lemonldap-ng.ini''​ in section [portal]:
 +<file ini>
 +forceGlobalStorageUpgradeOTT = 1
 </​note>​ </​note>​