Differences
This shows you the differences between two versions of the page.
documentation:latest:securetoken [2017/11/20 14:44] xguimard Spelling errors |
documentation:latest:securetoken [2019/06/05 14:22] 127.0.0.1 external edit |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== Presentation ===== | ===== Presentation ===== | ||
- | The Secure Token Handler is a special Handler that create a token for each request and send it to the protected application. The real user identifier is stored in a Memcached server and the protected application can the request the Memcached server to get user identifier. | + | The Secure Token Handler is a special Handler that creates a token for each request and send it to the protected application. The real user identifier is stored in a Memcached server and the protected application can request the Memcached server to get user identifier. |
- | This mechanism allows one to do SSO on application with an unsafe link between Handler and the application, but with a safe link with the Memcached server. | + | This mechanism allows one to protect an application with an unsafe link between Handler and the application, but with a safe link between the Memcached server and the application. |
===== Configuration ===== | ===== Configuration ===== | ||
+ | |||
+ | Install Cache::Memcached dependency. | ||
==== Virtual host ==== | ==== Virtual host ==== | ||
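Review bot: The rewritten first Presentation sentence fixes only one of its two verbs: "creates a token for each request and send it" should read "and sends it", and "to get user identifier" needs an article ("to get the user identifier"). The added line "Install Cache::Memcached dependency." sits directly under the Configuration heading without saying on which machine the module has to be installed; since the paragraph above involves the Handler, the Memcached server and the protected application, naming the host would remove the ambiguity.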
Line 13: | Line 15: | ||
=== Apache === | === Apache === | ||
- | Configure the virtual host like other [[configvhost|protected virtual host]] but use Secure Token Handler instead of default Handler. | + | VirtualHost has to be configured like other [[configvhost|protected virtual hosts]] but by using Secure Token Handler instead of default Handler. |
<file apache> | <file apache> | ||
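Review bot: The new Apache sentence reads awkwardly at "but by using Secure Token Handler instead of default Handler" and is missing articles. Suggest "The virtual host has to be configured like other protected virtual hosts, but with the Secure Token Handler instead of the default Handler."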
Line 28: | Line 30: | ||
</file> | </file> | ||
- | === Nginx === | + | === Other web servers === |
- | <note>This module uses Apache2 Filter and is not compatible with Nginx.</note> | + | <note>This handler uses Apache2Filter Module to hide token, prefer [[servertoserver|Handling server webservice calls]] for other servers.</note> |
==== Handler parameters ==== | ==== Handler parameters ==== | ||
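Review bot: The replacement note no longer says outright that the handler does not work outside Apache; the old text stated "is not compatible with Nginx", while the new one only advises to "prefer" the servertoserver page, which a reader can take as a recommendation rather than a hard limitation. Suggest keeping the explicit incompatibility statement and then pointing to [[servertoserver|Handling server webservice calls]] as the alternative, in two sentences instead of the comma splice after "hide token".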
Line 39: | Line 41: | ||
* **Attribute to store**: the session key that will be stored in Memcached. | * **Attribute to store**: the session key that will be stored in Memcached. | ||
* **Protected URLs**: Regexp of URLs for which the secure token will be sent, separated by spaces | * **Protected URLs**: Regexp of URLs for which the secure token will be sent, separated by spaces | ||
- | * **Header name**: name of the HTTP header carrying the secure token. | + | * **Header name**: name of the HTTP header carrying by the secure token. |
* **Allow requests in error**: allow a request that has generated an error in token generation to be forwarded to the protected application without secure token (default: yes) | * **Allow requests in error**: allow a request that has generated an error in token generation to be forwarded to the protected application without secure token (default: yes) | ||
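Review bot: The Header name bullet regresses: "name of the HTTP header carrying by the secure token" is ungrammatical and blurs which item carries which, whereas the removed wording "carrying the secure token" was correct and should be restored. While this list is being edited, the "Allow requests in error" bullet would benefit from a sentence on what the protected application should do when the header is absent, because with the documented default (yes) requests reach it without a secure token after a token generation error.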