Differences

This shows you the differences between two versions of the page.

documentation:latest:writingrulesand_headers [2019/01/15 15:54]
127.0.0.1 external edit
documentation:latest:writingrulesand_headers [2019/11/06 10:05]
cmaudoux [Rules on authentication level]
Line 55: Line 55:
 <note important>​Only current application is concerned by logout_app* targets. Be careful with some applications which doesn'​t verify Lemonldap::​NG headers after having created their own cookies. If so, you can redirect users to a HTML page that explain that it is safe to close browser after disconnect.</​note>​ <note important>​Only current application is concerned by logout_app* targets. Be careful with some applications which doesn'​t verify Lemonldap::​NG headers after having created their own cookies. If so, you can redirect users to a HTML page that explain that it is safe to close browser after disconnect.</​note>​
  
-==== Rules on authentication level ====+==== Rules based on authentication level ====
  
-LLNG set an "​authentication level" during authentication process. This level is the value of the authentication backend used for this user. Default values are:+LLNG set an "​authentication level" during authentication process. This level depends on authentication backend used by this user. Default values are:
   * 0 for [[authnull|Null]]   * 0 for [[authnull|Null]]
   * 1 for [[authcas|CAS]],​ [[authopenid|old OpenID-2]], [[authfacebook|Facebook]],​…   * 1 for [[authcas|CAS]],​ [[authopenid|old OpenID-2]], [[authfacebook|Facebook]],​…
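Review bot: the rewritten sentence under the renamed heading still reads "LLNG set" and now drops the articles in "depends on authentication backend used by this user"; it also replaces the precise statement that the level is the value of the backend with the vaguer "depends on". Suggested wording: "LLNG sets an "authentication level" during the authentication process. This level is the value assigned to the authentication backend used by the user." Because the heading text itself changes, check that existing links to the old section title still resolve.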
Line 65: Line 65:
   * 5 for [[authssl|SSL]]   * 5 for [[authssl|SSL]]
  
-There are two way to impose users to have high authentication level: +There are three ways to impose users a higher ​authentication level: 
-  * writing a rule based en authentication level: ''​$authenticationLevel > 3''​ +  * writing a rule based on authentication level: ''​$authenticationLevel > 3''​ 
-  * since 2.0, set a minimum level in virtual host options+  * since 2.0, set a minimum level in virtual host options ​(default value for ALL access rules) 
 +  * since 2.0.7, a minimum authentication level can be set for each URI access rule.
  
-<note tip>​Instead of returning a 403 code, "​minimum level" returns user to a form that explain that a higher level is required and propose ​to user to reauthenticate ​itself.</​note>​+<note tip>​Instead of returning a 403 code, "​minimum level" returns user to a form that explain that a higher level is required and propose to reauthenticate ​himself.</​note>​
  
 ===== Headers ===== ===== Headers =====
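Review bot: the new "since 2.0.7" bullet does not say where the per-rule minimum level is configured or how it combines with the virtual host default described in the bullet above it, so a reader cannot tell which value applies when both are set. State the precedence explicitly (the "default value for ALL access rules" wording suggests the per-rule value overrides it, but the text never says so). The tip should also say whether the re-authentication form replaces the 403 for the per-rule level as well as the virtual host level, and whether a plain rule such as $authenticationLevel > 3 still returns a 403. The tip's new wording needs a grammar pass too: "explains", "proposes", and "to reauthenticate" without "himself".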