Differences
This shows you the differences between two versions of the page.
|
documentation:latest:soapsessionbackend [2016/07/19 12:10] 127.0.0.1 external edit |
documentation:latest:soapsessionbackend [2019/04/04 20:34] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== SOAP session backend ====== | ||
| - | LL::NG portal provides SOAP end points for sessions management: | ||
| - | * **sessions/**: read only access to sessions (enough for distant Handlers) | ||
| - | * **adminSessions/**: read/write access to sessions (required for distant Portal, distant Manager or distant Handlers which modify sessions) | ||
| - | |||
| - | This session backend can be used to share sessions stored in a non-network backend (like [[filesessionbackend|file session backend]]) or in a network backend protected with a firewall that only accepts HTTP flows. | ||
| - | |||
| - | Most of the time, SOAP session backend is used by Handlers installed on external servers. | ||
| - | |||
| - | To configure it, SOAP session backend will be set trough Manager in global configuration (used by all Hanlders), and the real session backend will be configured for local components in lemonldap-ng.ini. | ||
| - | |||
| - | ===== Setup ===== | ||
| - | |||
| - | ==== Manager ==== | ||
| - | |||
| - | First, active SOAP in ''General parameters'' » ''Advanced parameters'' » ''SOAP''. | ||
| - | |||
| - | Then, set ''Lemonldap::NG::Common::Apache::Session::SOAP'' in ''General parameters'' » ''Sessions'' » ''Session storage'' » ''Apache::Session module'' and add the following parameters (case sensitive): | ||
| - | |||
| - | ^ Required parameters ^^^ | ||
| - | ^ Name ^ Comment ^ Example ^ | ||
| - | | **proxy** | URL of sessions SOAP end point | %%http://auth.example.com/index.pl/sessions%% | | ||
| - | |||
| - | <note tip>Use /adminSessions if the Handler need to modify the session, for example if you configured an idle timeout.</note> | ||
| - | |||
| - | ==== Apache ==== | ||
| - | |||
| - | Sessions SOAP end points access must be allowed in Apache portal configuration (for example, access by IP range): | ||
| - | |||
| - | <file apache> | ||
| - | # SOAP functions for sessions management (disabled by default) | ||
| - | <Location /index.pl/adminSessions> | ||
| - | Order deny,allow | ||
| - | Deny from all | ||
| - | Allow from 192.168.2.0/24 | ||
| - | </Location> | ||
| - | |||
| - | # SOAP functions for sessions access (disabled by default) | ||
| - | <Location /index.pl/sessions> | ||
| - | Order deny,allow | ||
| - | Deny from all | ||
| - | Allow from 192.168.2.0/24 | ||
| - | </Location> | ||
| - | </file> | ||
| - | |||
| - | ==== Real session backend ==== | ||
| - | |||
| - | Real session backend will be configured in ''lemonldap-ng.ini'', in ''portal'' section (the portal hosts the SOAP service for sessions, and will do the link between SOAP requests and real sessions). | ||
| - | |||
| - | For example, if real sessions are stored in [[filesessionbackend|files]]: | ||
| - | |||
| - | <file ini> | ||
| - | [portal] | ||
| - | globalStorage = Apache::Session::File | ||
| - | globalStorageOptions = { 'Directory' => '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/', } | ||
| - | </file> | ||
| - | |||
| - | <note tip>If your sessions explorer is on the same server that the portal, either use the **adminSessions** end point in Manager configuration, or override the ''globalStorage'' and ''globalStorageOptions'' parameters in section all (and not portal) of ''lemonldap-ng.ini''. </note> | ||