Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Last revision Both sides next revision | ||
|
documentation:latest:securetoken [2017/11/20 14:44] xguimard Spelling errors |
documentation:latest:securetoken [2019/06/05 14:22] 127.0.0.1 external edit |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Presentation ===== | ===== Presentation ===== | ||
| - | The Secure Token Handler is a special Handler that create a token for each request and send it to the protected application. The real user identifier is stored in a Memcached server and the protected application can the request the Memcached server to get user identifier. | + | The Secure Token Handler is a special Handler that creates a token for each request and send it to the protected application. The real user identifier is stored in a Memcached server and the protected application can request the Memcached server to get user identifier. |
| - | This mechanism allows one to do SSO on application with an unsafe link between Handler and the application, but with a safe link with the Memcached server. | + | This mechanism allows one to protect an application with an unsafe link between Handler and the application, but with a safe link between the Memcached server and the application. |
| ===== Configuration ===== | ===== Configuration ===== | ||
| + | |||
| + | Install Cache::Memcached dependency. | ||
| ==== Virtual host ==== | ==== Virtual host ==== | ||
| Line 13: | Line 15: | ||
| === Apache === | === Apache === | ||
| - | Configure the virtual host like other [[configvhost|protected virtual host]] but use Secure Token Handler instead of default Handler. | + | VirtualHost has to be configured like other [[configvhost|protected virtual hosts]] but by using Secure Token Handler instead of default Handler. |
| <file apache> | <file apache> | ||
| Line 28: | Line 30: | ||
| </file> | </file> | ||
| - | === Nginx === | + | === Other web servers === |
| - | <note>This module uses Apache2 Filter and is not compatible with Nginx.</note> | + | <note>This handler uses Apache2Filter Module to hide token, prefer [[servertoserver|Handling server webservice calls]] for other servers.</note> |
| ==== Handler parameters ==== | ==== Handler parameters ==== | ||
| Line 39: | Line 41: | ||
| * **Attribute to store**: the session key that will be stored in Memcached. | * **Attribute to store**: the session key that will be stored in Memcached. | ||
| * **Protected URLs**: Regexp of URLs for which the secure token will be sent, separated by spaces | * **Protected URLs**: Regexp of URLs for which the secure token will be sent, separated by spaces | ||
| - | * **Header name**: name of the HTTP header carrying the secure token. | + | * **Header name**: name of the HTTP header carrying by the secure token. |
| * **Allow requests in error**: allow a request that has generated an error in token generation to be forwarded to the protected application without secure token (default: yes) | * **Allow requests in error**: allow a request that has generated an error in token generation to be forwarded to the protected application without secure token (default: yes) | ||