Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:redirections [2012/02/09 19:25]
fxdeltombe
documentation:latest:redirections [2020/04/09 22:37] (current)
Line 1: Line 1:
 ====== Redirections ====== ====== Redirections ======
 +
 +===== Handler Redirections =====
  
 <​note>​When a user access a Handler without a cookie, he is redirected on portal, and the target URL is encoded in redirection URL (to redirect user after authentication process).</​note>​ <​note>​When a user access a Handler without a cookie, he is redirected on portal, and the target URL is encoded in redirection URL (to redirect user after authentication process).</​note>​
  
-===== Protocol and port =====+==== Protocol and port ====
  
-To encode the redirection URL, the will use some Apache environment variables and also configuration settings:+To encode the redirection URL, the handler ​will use some Apache environment variables and also configuration settings:
   * **HTTPS**: use https as protocol   * **HTTPS**: use https as protocol
   * **Port**: port of the application (by default, 80 for http, 443 for https)   * **Port**: port of the application (by default, 80 for http, 443 for https)
Line 11: Line 13:
 These parameters can be configured in Manager, in ''​General Parameters''​ > ''​Advanced parameters''​ > ''​Handler redirections''​. These parameters can be configured in Manager, in ''​General Parameters''​ > ''​Advanced parameters''​ > ''​Handler redirections''​.
  
-<note tip>​These settings can be overriden ​per virtual host, see [[configvhost|virtual host management]].</​note>​+<note tip>​These settings can be overridden ​per virtual host, see [[configvhost|virtual host management]].</​note>​
  
-===== Forbidden and Server error =====+==== Forbidden and Server error ====
  
 Handler use the default Apache error code for the following cases: Handler use the default Apache error code for the following cases:
   * User has no access authorization:​ FORBIDDEN (403)   * User has no access authorization:​ FORBIDDEN (403)
   * An error occurs on server side: SERVER_ERROR (500)   * An error occurs on server side: SERVER_ERROR (500)
 +  * The application is in maintenance:​ HTTP_SERVICE_UNAVAILABLE (503)
  
-These errors can be catch trough Apache ''​ErrorDocument''​ directive, to redirect user on a specific page:+These errors can be catch trough Apache ''​ErrorDocument''​ directive or Nginx ''​error_page''​ directive, to redirect user on a specific page:
  
 <file apache> <file apache>
-# Common error page and security parameters+Apache: ​Common error page and security parameters
 ErrorDocument 403 http://​auth.example.com/?​lmError=403 ErrorDocument 403 http://​auth.example.com/?​lmError=403
 ErrorDocument 500 http://​auth.example.com/?​lmError=500 ErrorDocument 500 http://​auth.example.com/?​lmError=500
 +ErrorDocument 503 http://​auth.example.com/?​lmError=503
 </​file>​ </​file>​
  
-It is also possible to redirect the user without using ''​ErrorDocument'':​ the Handler will not return 403 or 500 code, but code 302 (REDIRECT). ​+<file nginx> 
 +# Nginx: Common error page and security parameters 
 +error_page 403 http://​auth.example.com/?​lmError=403;​ 
 +error_page 500 http://​auth.example.com/?​lmError=500;​ 
 +error_page 503 http://​auth.example.com/?​lmError=503;​ 
 +</​file>​ 
 + 
 +It is also possible to redirect the user without using ''​ErrorDocument'':​ the Handler will not return 403500, 503 code, but code 302 (REDIRECT). ​
  
 The user will be redirected on portal URL with error in the ''​lmError''​ URL parameter. The user will be redirected on portal URL with error in the ''​lmError''​ URL parameter.
Line 33: Line 44:
 These parameters can be configured in Manager, in ''​General Parameters''​ > ''​Advanced parameters''​ > ''​Handler redirections'':​ These parameters can be configured in Manager, in ''​General Parameters''​ > ''​Advanced parameters''​ > ''​Handler redirections'':​
   * **Redirect on forbidden**:​ use 302 instead 403   * **Redirect on forbidden**:​ use 302 instead 403
-  * **Redirect on error**: use 302 instead 500+  * **Redirect on error**: use 302 instead 500 or 503 
 + 
 + 
 +===== Portal Redirections ===== 
 + 
 +<​note>​If a user is redirected from handler to portal for authentication and once he is authenticated,​ portal redirects him to the redirection URL.</​note>​
  
 +  * **Redirection message**: ​ The redirection from portal can be done either with code 303 (See Other), or with a JavaScript redirection. Often the redirection takes some time because it is user's first access to the protected app, so a new app session has to be created : JavaScript redirection improves user experience by informing that authentication is performed, and by preventing from clicking again on the button because it is too slow.
 +  * **Keep redirections for Ajax**: By default, when an Ajax request is done on the portal for an unauthenticated user (after a redirection done by the handler), a 401 code will be sentwith a ''​WWW-Authenticate''​ header containing "SSO <​portal-URL>"​. Set this option to 1 to keep the old behavior (return of HTML code).
 +  * **Skip re-auth confirmation**:​ by default, when re-authentication is needed, a confirmation screen is displayed to let user accept the re-authentication. If you enable this option, user will be directly redirected to login page.