REST session backend

LL::NG portal provides REST end points for sessions management:

  • GET /sessions/<type>/<session-id> : get session datas
  • GET /sessions/<type>/<session-id>/<key> : get a session key value
  • GET /sessions/<type>/<session-id>/[k1,k2] : get some session key value
  • POST /sessions/<type> : create a session
  • PUT /sessions/<type>/<session-id> : update some keys
  • DELETE /sessions/<type>/<session-id> : delete a session

Sessions for connected users (used by LLNG Proxy):

  • GET /session/my/<type> : get session datas
  • GET /session/my/<type>/key : get session key
  • DELETE /session/my : ask for logout

Authorizations for connected users (always enabled):

  • GET /mysession/?authorizationfor=<base64-encoded-url>: ask if url is authorizated

This session backend can be used to share sessions stored in a non-network backend (like file session backend) or in a network backend protected with a firewall that only accepts HTTP flows.

Most of the time, REST session backend is used by Handlers installed on external servers.

To configure it, REST session backend will be set trough Manager in global configuration (used by all Handlers), and the real session backend will be configured for local components in lemonldap-ng.ini.

Setup

Manager

First, active SOAP in General parameters » Advanced parameters » Portal servers » SOAP session server.

Then, set Lemonldap::NG::Common::Apache::Session::REST in General parameters » Sessions » Session storage » Apache::Session module and add the following parameters (case sensitive):

Required parameters
Name Comment Example
baseUrl URL of sessions REST end point http://auth.example.com/index.fcgi/sessions/global
Optional parameters
user Username to use for auth basic mechanism
password Password to use for auth basic mechanism

Apache

Sessions REST end points access must be allowed in Apache portal configuration (for example, access by IP range):

# SOAP functions for sessions management (disabled by default)
<Location /index.fcgi/sessions>
    Require 192.168.2.0/24
</Location>

Real session backend

Real session backend will be configured in lemonldap-ng.ini, in portal section (the portal hosts the REST service for sessions, and will do the link between SOAP requests and real sessions).

For example, if real sessions are stored in files:

[portal]
globalStorage = Apache::Session::File
globalStorageOptions = { 'Directory' => '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/', }
Session explorer and “single session” features can't be used using this backend. Session explorer and portal must be launched with real backend.