Slave

Authentication

Users

Password

Presentation

The LL::NG Slave backend relies on HTTP headers to retrieve the user login and/or attributes.

  • Authentication: checks the user login in a header and creates a session without prompting for any credentials (but registers the client IP and creation date)

  • Users: collects data transferred in HTTP headers by the “master”.

It allows one to put LL::NG::portal behind another web SSO, or behind SSL hardware to delegate SSL authentication to that hardware.

Configuration

In the Manager, go to General Parameters > Authentication modules and choose Slave for the authentication or users module.

Then, go to Slave parameters:

  • Authentication level: authentication level for this module

  • Header for user login: header containing user main login

  • Master’s IP address: IP addresses of the servers that are accredited to authenticate users. This is a security measure that prevents someone from creating a session by sending custom headers. You can set netblocks in CIDR notation or list IP addresses, space or comma separated. For example: 127.0.0.2, 192.168.1.1 10.20.30.0/24. A blank value disables this check.

  • Control header name: header containing the value to check. A blank value disables this check.

  • Control header content: value to check. A blank value disables this check.

  • Display authentication logo: display Slave logo

You then have to declare the HTTP headers exported by the main SSO (in Exported Variables). Example:

Key (LL::NG name)    Value (HTTP header name)
uid                  Auth-User
mail                 User-Email
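The Master's IP address and control header checks from the Slave parameters above, modelled as an added example (this is not LL::NG's own code; `parse_masters` and `slave_request_trusted` are hypothetical names). It assumes that leaving either control field blank disables the control check, and it returns a warning for each disabled check so a configuration review can see when header-supplied logins are accepted from any client.

```python
import hmac
import ipaddress
import re


def parse_masters(setting):
    """Split the "Master's IP address" value on spaces/commas into networks."""
    items = [s for s in re.split(r"[\s,]+", setting.strip()) if s]
    # A bare address such as 192.168.1.1 becomes a single-host network.
    return [ipaddress.ip_network(s, strict=False) for s in items]


def slave_request_trusted(remote_addr, headers, master_ips="",
                          control_name="", control_value=""):
    """Return (trusted, warnings) for one request; blank settings skip a check."""
    warnings = []
    masters = parse_masters(master_ips)
    if not masters:
        warnings.append("master IP check disabled")
    elif not any(ipaddress.ip_address(remote_addr) in net for net in masters):
        return False, warnings
    if not control_name or not control_value:
        warnings.append("control header check disabled")
    else:
        # Header names are case-insensitive; compare the value in constant time.
        got = {k.lower(): v for k, v in headers.items()}.get(control_name.lower(), "")
        if not hmac.compare_digest(got.encode(), control_value.encode()):
            return False, warnings
    return True, warnings


if __name__ == "__main__":
    masters = "127.0.0.2, 192.168.1.1 10.20.30.0/24"  # value from the page
    hdrs = {"CN": "dwho", "control": "password"}       # headers from the page
    # Client addresses below are constructed sample values.
    for addr in ("10.20.30.7", "203.0.113.9"):
        print(addr, slave_request_trusted(addr, hdrs, masters, "control", "password"))
    # Both settings blank: every client is trusted and two warnings are raised.
    print(slave_request_trusted("203.0.113.9", {"CN": "dwho"}))
```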

Example

  • Request with curl (AuthChoice with Slave and Secured cookie => double cookies for a single session):

Control header name: control

Control header content: password

curl -k https://127.0.0.1:19876 -H 'CN: dwho' -H 'Host: auth.example.com' -H 'Accept: application/json' -H 'control: password' -d "lmAuth=2_Slave" | json_pp

  • Response for good authentication:

{
    "result" : 1,
    "error" : 0,
    "id_http" : "5237ce20290d6110915a05d62f52618955b5f71b6dd3424481372ad419a5b122",
    "id" : "16fec9bd7a0523328568ca919ee0a6d6e329832f6c302bf36b106db92b5ec23d"
}

See also exported variables configuration.