Differences
This shows you the differences between two versions of the page.
documentation:latest:soapsessionbackend [2016/07/19 12:10] 127.0.0.1 external edit |
documentation:latest:soapsessionbackend [2019/04/04 20:34] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== SOAP session backend ====== | ||
- | LL::NG portal provides SOAP end points for sessions management: | ||
- | * **sessions/**: read only access to sessions (enough for distant Handlers) | ||
- | * **adminSessions/**: read/write access to sessions (required for distant Portal, distant Manager or distant Handlers which modify sessions) | ||
- | |||
- | This session backend can be used to share sessions stored in a non-network backend (like [[filesessionbackend|file session backend]]) or in a network backend protected with a firewall that only accepts HTTP flows. | ||
- | |||
- | Most of the time, SOAP session backend is used by Handlers installed on external servers. | ||
- | |||
- | To configure it, SOAP session backend will be set trough Manager in global configuration (used by all Hanlders), and the real session backend will be configured for local components in lemonldap-ng.ini. | ||
- | |||
- | ===== Setup ===== | ||
- | |||
- | ==== Manager ==== | ||
- | |||
- | First, active SOAP in ''General parameters'' » ''Advanced parameters'' » ''SOAP''. | ||
- | |||
- | Then, set ''Lemonldap::NG::Common::Apache::Session::SOAP'' in ''General parameters'' » ''Sessions'' » ''Session storage'' » ''Apache::Session module'' and add the following parameters (case sensitive): | ||
- | |||
- | ^ Required parameters ^^^ | ||
- | ^ Name ^ Comment ^ Example ^ | ||
- | | **proxy** | URL of sessions SOAP end point | %%http://auth.example.com/index.pl/sessions%% | | ||
- | |||
- | <note tip>Use /adminSessions if the Handler need to modify the session, for example if you configured an idle timeout.</note> | ||
- | |||
- | ==== Apache ==== | ||
- | |||
- | Sessions SOAP end points access must be allowed in Apache portal configuration (for example, access by IP range): | ||
- | |||
- | <file apache> | ||
- | # SOAP functions for sessions management (disabled by default) | ||
- | <Location /index.pl/adminSessions> | ||
- | Order deny,allow | ||
- | Deny from all | ||
- | Allow from 192.168.2.0/24 | ||
- | </Location> | ||
- | |||
- | # SOAP functions for sessions access (disabled by default) | ||
- | <Location /index.pl/sessions> | ||
- | Order deny,allow | ||
- | Deny from all | ||
- | Allow from 192.168.2.0/24 | ||
- | </Location> | ||
- | </file> | ||
- | |||
- | ==== Real session backend ==== | ||
- | |||
- | Real session backend will be configured in ''lemonldap-ng.ini'', in ''portal'' section (the portal hosts the SOAP service for sessions, and will do the link between SOAP requests and real sessions). | ||
- | |||
- | For example, if real sessions are stored in [[filesessionbackend|files]]: | ||
- | |||
- | <file ini> | ||
- | [portal] | ||
- | globalStorage = Apache::Session::File | ||
- | globalStorageOptions = { 'Directory' => '/var/lib/lemonldap-ng/sessions/', 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/', } | ||
- | </file> | ||
- | |||
- | <note tip>If your sessions explorer is on the same server that the portal, either use the **adminSessions** end point in Manager configuration, or override the ''globalStorage'' and ''globalStorageOptions'' parameters in section all (and not portal) of ''lemonldap-ng.ini''. </note> |