The portal

The portal is the main component of LL::NG. It provides many features:

  • Authentication service of course
  • Identity provider: LL::NG is able to provide identity service using:
  • Identity provider proxy: LL::NG can be used as proxy translator between systems talking SAML, OpenID, CAS, …
  • Internal SOAP server used by SOAP configuration backend and usable for specific development (see SOAP services for more)
  • Internal REST server used by REST configuration backend and usable for specific development (see REST services for more)
  • Interactive management of user passwords:
    • Password change form (in menu)
    • Self service reset (send a mail to the user with a to change the password)
    • Force password change with LDAP password policy password reset flag
  • Application menu: display authorized applications in categories
  • Notifications: prompt users with a message if found in the notification database
  • Second factors management

Functioning

LL::NG portal is a modular component. It needs 4 modules to work:

Tip

Each module can be disabled using the Null backend.

Kinematics

  1. Check if URL asked is valid
  2. Check if user is already authenticated
    • If not authenticated (or authentication is forced) try to find it (userDB module) and to authenticate it (auth module), create session, ask for second factor if required, calculate groups and macros and store them. In 1.3, LL::NG has got a captcha feature which is used in this case.
  3. Modify password if asked (password module)
  4. Provides identity if asked (IdP module)
  5. Build cookie(s)
  6. Redirect user to the asked URL or display menu

URL parameters

Some parameters in URL can change the behavior of the portal:

  • logout: Launch the logout process (for example: logout=1)
  • tab: Preselect a tab (Choice or Menu) (for example: tab=password)
  • llnglanguage: Force lang used to display the page (for example: llnglanguage=fr)
  • setCookieLang: Update lang cookie to persist the language set with llnglanguage parameter (for example: setCookieLang=1)