NAME

Lemonldap::NG::Portal - The authentication portal part of Lemonldap::NG Web-SSO system.

SYNOPSIS

Use any of Plack launcher. Example:

  #!/usr/bin/env plackup
  
  use Lemonldap::NG::Portal;
  
  # This must be the last instruction! See PSGI for more
  Lemonldap::NG::Portal->run($opts);

DESCRIPTION

Lemonldap::NG is a modular Web-SSO based on Apache::Session modules. It provides an easy way to build a secured area to protect applications with very few changes.

Lemonldap::NG manages both authentication and authorization. Furthermore it provides headers for accounting. So you can have a full AAA protection for your web space as described below.

Lemonldap::NG::Portal provides portal components. See http://lemonldap-ng.org for more.

KINEMATICS

The portal object is based on Lemonldap::NG::Handler::Try: underlying handler tries to authenticate user and follows initialized auth / unauth routes.

Initialization

Initialization process subscribes portal to handler configuration reload and requests handler initialization (Lemonldap::NG::Portal::Main::Init). So configuration is read by handler at each reload.

During configuration reload, each enabled components are loaded as plugins:

authentication module
userDB module
other enabled plugins (issuers,...)

init() is called for each plugin. If a plugin initialization fails (init() returns 0), the portal responds a 500 status code for each request.

See Lemonldap::NG::Portal::Main::Plugin to see how to write modules.

Main route

The "/" route is declared in Lemonldap::NG::Portal::Main::Init. It points to different methods in Lemonldap::NG::Portal::Main::Run. Theses methods select methods to call in the process and call do().

do() stores methods to call in $req->steps and launches Lemonldap::NG::Portal::Main::Process::process(). This method removes each method stored in $req->steps and launches it. If the result is PE_OK, process() continues, else it returns the error code.

If it is an Ajax request, do() responds in JSON format else it manages redirection if any. Else it calls Lemonldap::NG::Portal::Main::Display::display() to load template and arguments, and launches Lemonldap::NG::Common::PSGI::sendHtml() using them.

DEVELOPER INSTRUCTIONS

Portal main object is defined in Lemonldap::NG::Portal::Main::* classes. Other components are plugins. Plugins do not have to store any hash key in main object.

Main and plugin keys must be set during initialization process. They must be read-only during requests receiving.

The Lemonldap::NG::Portal::Main::Request request has fixed keys. A plugin that wants to store a temporary key must store it in $req->data or use defined keys, but it must never create a root key. Plugin keys may have explicit names to avoid conflicts.

Whole configuration is always available. It is stored in $self->conf. It must not be modified by any components even during initialization process or receiving request (during initialization, copy the value in the plugin namespace instead).

All plugins can access to portal methods using $self->p which points to portal main object. Some main methods are mapped to the plugin namespace:

logger() accessor to log
userLogger() accessor to log user actions
error() accessor (use it to store error during initialization)

SEE ALSO

Most of the documentation is available on http://lemonldap-ng.org website

OTHER POD FILES

Writing an authentication module: Lemonldap::NG::Portal::Auth
Writing a UserDB module: Lemonldap::NG::Portal::UserDB
Writing a second factor module: Lemonldap::NG::Portal::Main::SecondFactor
Writing an issuer module: Lemonldap::NG::Portal::Main::Issuer
Writing another plugin: Lemonldap::NG::Portal::Main::Plugin
Request object: Lemonldap::NG::Portal::Main::Request
Adding parameters in the manager: Lemonldap::NG::Manager::Build

AUTHORS

LemonLDAP::NG team http://lemonldap-ng.org/team

BUG REPORT

Use OW2 system to report bug or ask for features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues

DOWNLOAD

Lemonldap::NG is available at http://forge.objectweb.org/project/showfiles.php?group_id=274

COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.