Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:writingrulesand_headers [2019/07/09 16:10]
dcoutadeur [Rules on authentication level]
documentation:latest:writingrulesand_headers [2019/11/06 10:11] (current)
cmaudoux [Rules based on authentication level]
Line 55: Line 55:
 <note important>​Only current application is concerned by logout_app* targets. Be careful with some applications which doesn'​t verify Lemonldap::​NG headers after having created their own cookies. If so, you can redirect users to a HTML page that explain that it is safe to close browser after disconnect.</​note>​ <note important>​Only current application is concerned by logout_app* targets. Be careful with some applications which doesn'​t verify Lemonldap::​NG headers after having created their own cookies. If so, you can redirect users to a HTML page that explain that it is safe to close browser after disconnect.</​note>​
  
-==== Rules on authentication level ====+==== Rules based on authentication level ====
  
-LLNG set an "​authentication level" during authentication process. This level is the value of the authentication backend used for this user. Default values are:+LLNG set an "​authentication level" during authentication process. This level depends on authentication backend used by this user. Default values are:
   * 0 for [[authnull|Null]]   * 0 for [[authnull|Null]]
   * 1 for [[authcas|CAS]],​ [[authopenid|old OpenID-2]], [[authfacebook|Facebook]],​…   * 1 for [[authcas|CAS]],​ [[authopenid|old OpenID-2]], [[authfacebook|Facebook]],​…
Line 65: Line 65:
   * 5 for [[authssl|SSL]]   * 5 for [[authssl|SSL]]
  
-There are two way to impose users to have high authentication level: +There are three ways to impose users a higher ​authentication level: 
-  * writing a rule based en authentication level: ''​$authenticationLevel > 3''​ +  * writing a rule based on authentication level: ''​$authenticationLevel > 3''​ 
-  * since 2.0, set a minimum level in virtual host options+  * since 2.0, set a minimum level in virtual host options ​(default value for ALL access rules) 
 +  * since 2.0.7, a minimum authentication level can be set for each URI access rule. Useful if URI are protected by different types of handler (AuthBasic -> level 2, Main -> level set by authentication backend).
  
-<note tip>​Instead of returning a 403 code, "​minimum level" returns user to a form that explain that a higher level is required and propose ​the user to reauthenticate himself.</​note>​+<note tip>​Instead of returning a 403 code, "​minimum level" returns user to a form that explain that a higher level is required and propose to reauthenticate himself.</​note>​
  
 ===== Headers ===== ===== Headers =====