Sympa
Presentation
Sympa is a mailing list manager.
To configure SSO with Sympa, use Magic authentication: a special SSO URL is protected by LL::NG, and Sympa displays a button for users who want to use this feature.
Tip
Since version 1.9 of LLNG, the old Auto-Login feature has been removed because it works only with Sympa-5, which has been deprecated.
Configuration
Sympa configuration
Edit the file “auth.conf”, for example:
vi /etc/sympa/auth.conf
And fill it:
generic_sso
    service_name               Centralized auth service
    service_id                 lemonldapng
    email_http_header          HTTP_MAIL
    netid_http_header          HTTP_AUTH_USER
    internal_email_by_netid    1
    logout_url                 http://sympa.example.com/wws/logout
Tip
You can also disable internal Sympa authentication and keep only LemonLDAP::NG by removing the user_table paragraph.
Note that if you use FastCGI, you must restart Apache to enable changes.
You can also use <portal>?logout=1 as logout_url to remove the LemonLDAP::NG session when “disconnect” is chosen.
Sympa virtual host
Configure the Sympa virtual host like any other protected virtual host, but protect only the Magic authentication URL.
Tip
The end of the location URL is based on the service_id defined in Sympa apache configuration.
For Apache:
<VirtualHost *:80>
    ServerName sympa.example.com
    <Location /wws/sso_login/lemonldapng>
        PerlHeaderParserHandler Lemonldap::NG::Handler
    </Location>
    ...
</VirtualHost>
For Nginx:
server {
  listen 80;
  server_name sympa.example.com;
  root /path/to/application;

  # Internal authentication request
  location = /lmauth {
    internal;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    # Drop POST data
    fastcgi_pass_request_body off;
    fastcgi_param CONTENT_LENGTH "";
    # Keep original hostname
    fastcgi_param HOST $http_host;
    # Keep original request (LLNG server will receive /lmauth)
    fastcgi_param X_ORIGINAL_URI $original_uri;
  }

  # Client requests
  location /wws/sso_login/lemonldapng {
    auth_request /lmauth;
    set $original_uri $uri$is_args$args;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
    auth_request_set $lmlocation $upstream_http_location;
    error_page 401 $lmlocation;
    try_files $uri $uri/ =404;
    ...
    include /etc/lemonldap-ng/nginx-lua-headers.conf;
  }

  location / {
    try_files $uri $uri/ =404;
  }
}
Sympa virtual host in Manager
Go to the Manager and create a new virtual host for Sympa.
Configure the access rules and define the following headers:
Auth-User
Mail
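The three pieces above only work together if the protected location ends with the service_id from auth.conf and the Manager headers arrive under the CGI names Sympa reads. The following consistency check is an added example, not code from LemonLDAP::NG or Sympa; the function names are hypothetical, the /wws/sso_login/ prefix is taken from this page's example, and the sample inputs are constructed from the snippets above.

```python
import re

# Constructed sample inputs, trimmed from the snippets on this page.
AUTH_CONF = """generic_sso
    service_id          lemonldapng
    email_http_header   HTTP_MAIL
    netid_http_header   HTTP_AUTH_USER
"""
APACHE_VHOST = """<Location /wws/sso_login/lemonldapng>
    PerlHeaderParserHandler Lemonldap::NG::Handler
</Location>
"""
MANAGER_HEADERS = ["Auth-User", "Mail"]

def parse_generic_sso(text):
    """Return the parameters of the generic_sso paragraph of auth.conf."""
    params, inside = {}, False
    for line in text.splitlines():
        fields = line.split(None, 1)
        # A blank line closes the paragraph; its name on a line opens it.
        inside = (inside and bool(fields)) or fields == ["generic_sso"]
        if inside and len(fields) == 2 and not fields[0].startswith("#"):
            params[fields[0]] = fields[1].strip()
    return params

def cgi_name(header):
    """CGI environment name under which an HTTP request header is exposed."""
    return "HTTP_" + header.upper().replace("-", "_")

def protected_locations(conf):
    """Paths whose Apache <Location> or Nginx location block calls LL::NG."""
    blocks = re.findall(r"<Location\s+(\S+)>(.*?)</Location>", conf, re.S)
    blocks += re.findall(r"location\s+(?:=\s*)?(\S+)\s*\{([^{}]*)\}", conf)
    return {path.rstrip("/") for path, body in blocks
            if "Lemonldap::NG::Handler" in body or "auth_request " in body}

def check(auth_conf, vhost, manager_headers, prefix="/wws/sso_login/"):
    """Return a list of inconsistencies; empty means the three parts agree."""
    sso, problems = parse_generic_sso(auth_conf), []
    sso_url = prefix + sso.get("service_id", "")
    if sso_url not in protected_locations(vhost):
        problems.append(f"{sso_url} is not covered by the LL::NG handler")
    exported = {cgi_name(h) for h in manager_headers}
    for key in ("email_http_header", "netid_http_header"):
        if sso.get(key) not in exported:
            problems.append(f"{key}={sso.get(key)} matches no Manager header")
    return problems

print(check(AUTH_CONF, APACHE_VHOST, MANAGER_HEADERS) or "consistent")
```

To check a real deployment, pass the contents of your own auth.conf and virtual host file to check() together with the header names defined in the Manager.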