This shows you the differences between two versions of the page.

documentation:latest:authchoice [2019/01/15 15:54]
documentation:latest:authchoice [2019/08/12 21:59] (current)
Line 1: Line 1:
 +====== Backend choice by users ======
 +^  Authentication ​ ^  Users  ^  Password ​ ^
 +|  ✔  |  ✔  |  ✔  |
 +===== Presentation =====
 +By default, only the configured authentication backend is available for users.
 +Contrary to [[authmulti|multiple backend stacking]], backend choice will present all available authentication methods to users, who will choose the one they want.
 +The choice will concern three backends:
 +  * Authentication
 +  * Users
 +  * Password
 +The chosen backends will be registered in session:
 +  * ''​$_auth''​
 +  * ''​$_userDB''​
 +  * ''​$_passwordDB''​
 +Authentication choice will also be registered in session:
 +  * ''​$_authChoice''​
 +===== Configuration =====
 +In Manager, go in ''​General Parameters''​ > ''​Authentication modules''​ and choose Choice for authentication.
 +<note important>​When ''​Choice''​ is selected for authentication,​ values for Users and Password modules are also forced to ''​Choice''​.</​note>​
 +Then, go in ''​Choice Parameters'':​
 +  * **URL parameter**:​ parameter name used to set choice value (default: ''​lmAuth''​)
 +  * **Allowed modules**: click on ''​New chain''​ to add a choice.
 +{{ :​documentation:​manager-choice.png?​nolink |}}
 +Define here:
 +  * **Name**: Text displayed on choice tab.
 +  * **Authentication module**
 +  * **Users module**
 +  * **Password module**
 +  * **URL**: optional, can be used to redirect on another URL (for example https://​authssl.example.com). This is mandatory if you want to use an Apache authentication module, which is run by Apache before showing the LemonLDAP::​NG portal page.
 +  * **Condition**:​ optional, can be used to evaluate an expression to display the tab.
 +Authentication request to an another URL than Portal URL can lead to a persistent loop between Portal and a redirection URL (pdata is not removed because domains mismatch). To avoid this, you have to set pdata cookie domain by editing ''​lemonldap-ng.ini''​ in section [portal]:
 +<file ini>
 +pdataDomain = example.com
 +<note tip>You can prefix the key name with a digit to order them. The digit will not be shown on portal page. Underscore characters are also replaced by spaces.</​note>​
 +<note tip>You can also override some LLNG parameters for each chain. See [[parameterlist|Parameter list]] to have the key names to use</​note>​
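Review bot: The `<file ini>` block opened before `pdataDomain = example.com` has no closing `</file>` in the visible lines, so the two `<note tip>` lines that follow it sit inside an unterminated block; add `</file>` directly after the `pdataDomain` line. In the paragraph that introduces it, "Authentication request to an another URL than Portal URL" should read "to a URL other than the Portal URL". The same paragraph should also state the consequence of the setting: `pdataDomain = example.com` scopes the pdata cookie to the whole domain instead of the portal host, so every host under that domain receives it, and readers should choose the narrowest domain that covers both the portal and the redirection URL. The first tip ("You can prefix the key name with a digit to order them") uses "key name" where the field list calls it **Name**, and it belongs next to the "Define here" list, not after the pdata section. The **Condition** item says an expression is evaluated but gives no syntax or example, and the final tip is missing its closing period.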