<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"> <head> <meta name="generator" content= "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" /> <title>Lemonldap::NG documentation: 4.5-Proxy-authentication-module.html</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <style type="text/css"> /*<![CDATA[*/ body{ background: #ddd; font-family: sans-serif; font-size: 11pt; padding: 0 50px; } div.main-content{ padding: 10px; background: #fff; border: 2px #ccc solid; } a{ text-decoration: none; } p.footer{ text-align: center; margin: 5px 0 0 0; } .heading-1{ text-align: center; color: orange; font-variant: small-caps; font-size: 20pt; } .heading-1-1{ color: orange; font-size: 14pt; border-bottom: 2px #ccc solid; } pre{ background: #eee; border: 2px #ccc solid; padding: 5px; border-left: 10px #ccc solid; } ul.star li{ list-style-type: square; } /*]]>*/ </style> </head>
<body>
<div class="main-content">
<h2 class="heading-1"><span id="HProxy">Proxy</span></h2>
<p class="paragraph"></p>
<ul> <li> <a href="#HConfiguration">Configuration</a> <ul> <li><a href="#HExternalportal">External portal</a></li> <li><a href="#HInternalportal">Internal portal</a></li> </ul> </li> </ul>
Since version 1.0, Lemonldap::NG is able to transfer authentication credentials to another Lemonldap::NG portal (reverse-proxy).
<p class="paragraph"></p>
The difference from the <span class= "wikilink"><a href="4.5-Remote-authentication-backend.html">Remote authentication module</a></span> is that the client is never redirected to the main Lemonldap::NG portal. Use this configuration when you want to expose your internal SSO to another network (DMZ).
<h3 class="heading-1-1"><span id= "HConfiguration">Configuration</span></h3>
<h4 class="heading-1-1-1"><span id="HExternalportal">External portal</span></h4>
<p class="paragraph"></p>
Set both authentication and userDB to "Proxy" and set the internal SOAP service address:
<p class="paragraph"></p>
<div class="code">
<pre>
authentication => 'Proxy',
userDB => 'Proxy',
soapAuthService => 'https://auth.internal.network/',
# If cookie names differ, set it here:
#remoteCookieName => 'lemonldap',
# If SOAP session service is not ${soapAuthService}index.pl/sessions, set it here:
#soapSessionService => 'https://auth2.internal.network/index.pl/sessions',
</pre>
</div>
<h4 class="heading-1-1-1"><span id="HInternalportal">Internal portal</span></h4><br />
<br />
The portal must be configured to accept SOAP authentication requests:<br />
<br />
<div class="code">
<pre>
Soap => 1,
</pre>
</div><br />
<br />
Don't forget to accept SOAP session requests, from the external portal only, in your apache.conf file:<br />
<br />
<div class="code">
<pre>
&lt;Directory /var/lib/lemonldap-ng/portal/index.pl/sessions&gt;
    Order deny,allow
    Deny from all
    Allow from my.external.portal
&lt;/Directory&gt;
</pre>
</div>
</div>
<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>