Get parameters Provider

Presentation

For application not managing other provider protocols (CAS, OpenID Connect, SAML,…) it is possible to configure LL::NG as a provider of GET parameters:

  • An application can call LL::NG portal with a redirection url, such as http://auth.example.com/get/login?url=base64(application_url)

  • When computing redirection, LL::NG portal will transmit any GET parameter you have configured for this application. (session id for example)

Danger

Passing such sensitive information can be dangerous. Using other well-known secured protocols is recommended.

There is also the possibility to trigger a logout action by passing the return url , such as http://auth.example.com/get/logout?url=base64(return_url)

Configuration

In the Manager, go in General Parameters » Issuer modules » GET and configure:

  • Activation: set to On.

  • Path: keep ^/get/ unless you have change Apache portal configuration file.

  • Use rule: a rule to allow user to use this module, set to 1 to always allow.

Tip

For example, to allow only users with a strong authentication level:

$authenticationLevel > 2

Then go in Get parameters to define variables to transmit:

  • Define a new virtual host

  • Declare all get parameters you need. You have access to any variable or macro (but no perl expression).

For example:

"test1.example.com" => {
    "id" => "_session_id",
}

Danger

In the previous example, _session_id is quite sensitive, thus it is encouraged that the application revalidate _session_id using getCookie() SOAP call to avoid some security problems

Tip

If host is not already registered in virtual hosts, you need to declare it in trusted domains to allow redirection