Get parameters Provider

Presentation

For application not managing other provider protocols (CAS, OpenID Connect, SAML,…) it is possible to configure LL::NG as a provider of GET parameters:

  • An application can call LL::NG portal with a redirection url, such as http://auth.example.com/get/login?url=base64(application_url)
  • When computing redirection, LL::NG portal will transmit any GET parameter you have configured for this application. (session id for example)
Passing such sensitive information can be dangerous. Using other well-known secured protocols is recommended.

There is also the possibility to trigger a logout action by passing the return url , such as http://auth.example.com/get/logout?url=base64(return_url)

Configuration

In the Manager, go in General Parameters » Issuer modules » GET and configure:

  • Activation: set to On.
  • Path: keep ^/get/ unless you have change Apache portal configuration file.
  • Use rule: a rule to allow user to use this module, set to 1 to always allow.
For example, to allow only users with a strong authentication level:
$authenticationLevel > 2

Then go in Get parameters to define variables to transmit:

  • Define a new virtual host
  • Declare all get parameters you need. You have access to any variable or macro (but no perl expression).

For example:

"test1.example.com" => {
    "id" => "_session_id",
}
In the previous example, _session_id is quite sensitive, thus it is encouraged that the application revalidate _session_id using getCookie() SOAP call to avoid some security problems
If host is not already registered in virtual hosts, you need to declare it in trusted domains to allow redirection