For application not managing other provider protocols (CAS, OpenID Connect, SAML,...) it is possible to configure LL::NG as a provider of GET parameters:
http://auth.example.com/get/login?url=base64(application_url)
Danger
Passing such sensitive information can be dangerous. Using other well-known secured protocols is recommended.
There is also the possibility to trigger a logout action by passing the
return url , such as
http://auth.example.com/get/logout?url=base64(return_url)
In the Manager, go in General Parameters
» Issuer modules
»
GET
and configure:
On
.^/get/
unless you have change
Apache portal configuration file.Tip
For example, to allow only users with a strong authentication level:
$authenticationLevel > 2
Then go in Get parameters
to define variables to transmit:
For example:
"test1.example.com" => {
"id" => "_session_id",
}
Danger
In the previous example, _session_id is quite sensitive, thus it is encouraged that the application revalidate _session_id using getCookie() SOAP call to avoid some security problems
Tip
If host is not already registered in virtual hosts, you need to declare it in trusted domains to allow redirection