Differences

This shows you the differences between two versions of the page.

documentation:2.1:issuerdbget [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== Get parameters Provider ======
  
 +===== Presentation =====
 +
 +For application not managing other provider protocols (CAS, OpenID Connect, SAML,...) it is possible to configure LL::NG as a provider of GET parameters:
 +  * An application can call LL::NG portal with a redirection url, such as ''​http://​auth.example.com/​get/​login?​url=base64(application_url)''​
 +  * When computing redirection,​ LL::NG portal will transmit any GET parameter you have configured for this application. (session id for example)
 +
 +<note warning>​Passing such sensitive information can be dangerous. Using other well-known secured protocols is recommended.</​note>​
 +
 +There is also the possibility to trigger a logout action by passing the return url , such as ''​http://​auth.example.com/​get/​logout?​url=base64(return_url)''​
 +
 +===== Configuration =====
 +
 +In the Manager, go in ''​General Parameters''​ » ''​Issuer modules''​ » ''​GET''​ and configure:
 +  * **Activation**:​ set to ''​On''​.
 +  * **Path**: keep ''​^/​get/''​ unless you have change [[configlocation#​portal|Apache portal configuration]] file.
 +  * **Use rule**: a rule to allow user to use this module, set to 1 to always allow.
 +
 +<note tip>
 +For example, to allow only users with a strong authentication level:
 +<​code>​
 +$authenticationLevel > 2
 +</​code>​
 +</​note>​
 +
 +Then go in ''​Get parameters''​ to define variables to transmit:
 +  * Define a new virtual host
 +  * Declare all get parameters you need. You have access to any [[exportedvars|variable or macro]] (but no perl expression).
 +
 +For example:
 +<​code>​
 +"​test1.example.com"​ => {
 +    "​id"​ => "​_session_id",​
 +}
 +</​code>​
 +
 +<note warning>​In the previous example, _session_id is quite sensitive, thus it is encouraged that the application revalidate _session_id using getCookie() SOAP call to avoid some security problems</​note>​
 +
 +<note tip>If host is not already registered in virtual hosts, you need to declare it in [[security#​configure_security_settings|trusted domains]] to allow redirection</​note>​
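
Review bot: The Configuration example maps "id" to "_session_id", so the session identifier travels in a query string, and the sample portal URLs in the Presentation section use http:// rather than https://. Query-string values are kept in browser history and in web server and proxy access logs, and can leak through the Referer header, so the getCookie() revalidation warning would be better placed before the example than after it. The example itself would be safer with a non-secret variable, since the text says any exported variable or macro can be declared. Consider also switching the sample URLs to https://, and noting next to "Use rule" that the value 1 always allows the module, with a rule such as the $authenticationLevel one shown in the tip as the suggested starting point. The logout URL accepts a base64 return url as well; it would help to state whether the trusted domains check mentioned in the last tip applies to that return url too.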