Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:securetoken [2017/11/20 14:44]
xguimard Spelling errors
documentation:latest:securetoken [2019/06/05 15:12]
cmaudoux [Virtual host]
Line 3: Line 3:
 ===== Presentation ===== ===== Presentation =====
  
-The Secure Token Handler is a special Handler that create ​a token for each request and send it to the protected application. The real user identifier is stored in a Memcached server and the protected application can the request the Memcached server to get user identifier.+The Secure Token Handler is a special Handler that creates ​a token for each request and send it to the protected application. The real user identifier is stored in a Memcached server and the protected application can request the Memcached server to get user identifier.
  
-This mechanism allows one to do SSO on application with an unsafe link between Handler and the application,​ but with a safe link with the Memcached server.+This mechanism allows one to protect an application with an unsafe link between Handler and the application,​ but with a safe link between ​the Memcached server ​and the application.
  
 ===== Configuration ===== ===== Configuration =====
 +
 +Install Cache::​Memcached dependency.
  
 ==== Virtual host ==== ==== Virtual host ====
  
-=== Apache === +You just have to set "Type: SecureToken" in the VirtualHost ​options in the manager.
- +
-Configure the virtual host like other [[configvhost|protected virtual host]] but use Secure Token Handler instead of default Handler. +
- +
-<file apache>​ +
-PerlModule Lemonldap::​NG::​Handler::​Specific:​:​SecureToken +
-<VirtualHost ​*:80> +
-       ​ServerName secure.example.com +
- +
-       # Load SecureToken Handler +
-       ​PerlHeaderParserHandler Lemonldap::​NG::​Handler::​Specific::​SecureToken +
- +
-       ... +
-        +
-</​VirtualHost>​ +
-</​file>​+
  
-=== Nginx ===+If you want to protect only a virtualHost part, keep type on "​Main"​ and set type in your configuration file: 
 +  * Apache: use simply a ''​PerlSetVar VHOSTTYPE AuthBasic''​ 
 +  * Nginx: create another FastCGI with a ''​fastcgi_param VHOSTTYPE SecureToken;''​
  
-<​note>​This ​module ​uses Apache2 Filter and is not compatible with Nginx.</​note>​+<​note>​This ​handler ​uses Apache2Filter Module to hide token, prefer [[servertoserver|Handling server webservice calls]] for other servers.</​note>​
  
 ==== Handler parameters ==== ==== Handler parameters ====
Line 39: Line 28:
   * **Attribute to store**: the session key that will be stored in Memcached.   * **Attribute to store**: the session key that will be stored in Memcached.
   * **Protected URLs**: Regexp of URLs for which the secure token will be sent, separated by spaces   * **Protected URLs**: Regexp of URLs for which the secure token will be sent, separated by spaces
-  * **Header name**: name of the HTTP header carrying the secure token.+  * **Header name**: name of the HTTP header carrying ​by the secure token.
   * **Allow requests in error**: allow a request that has generated an error in token generation to be forwarded to the protected application without secure token (default: yes)   * **Allow requests in error**: allow a request that has generated an error in token generation to be forwarded to the protected application without secure token (default: yes)