Slave

Authentication Users Password

Presentation

LL::NG Slave backend relies on HTTP headers to retrieve user login and/or attributes.

  • Authentication: will check user login in a header and create session without prompting any credentials (but will register client IP and creation date)
  • Users: collect data transferred in HTTP headers by the “master”.

It allows one to put LL::NG::portal behind another web SSO, or behind a SSL hardware to delegate SSL authentication to that hardware.

Configuration

In Manager, go in General Parameters > Authentication modules and choose Slave for authentication or users module.

Then, go in Slave parameters:

  • Authentication level: authentication level for this module.
  • Header for user login: header that contains the user main login
  • Master's IP address: the IP addresses of servers which are accredited to authenticate user. This is a security point, to prevent someone to create a session by sending custom headers. You can set one or several IP addresses, separated by spaces, or let this parameter empty to disable the checking.
  • Control header name: header that contains a value to control. Let this parameter empty to disable the checking.
  • Control header content: value to control. Let this parameter empty to disable the checking.

You have then to declare HTTP headers exported by the main SSO (in Exported Variables). Example :

Key (LL::NG name) Value (HTTP header name)
uid Auth-User
mail User-Email

See also exported variables configuration.