
NAME

Lemonldap::NG::Portal::Auth - Writing authentication modules for LemonLDAP::NG.

SYNOPSIS

  package Lemonldap::NG::Portal::Auth::My;
  
  use strict;
  use Mouse;
  # Add constants used by this module
  use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);
  
  our $VERSION = '0.1';
  
  # Directive provided by Mouse
  extends 'Lemonldap::NG::Portal::Main::Auth';

  sub init {
      ...
  }
  
  sub extractFormInfo {
      my ( $self, $req ) = @_;
      ...
  }
  
  sub authenticate {
      my ( $self, $req ) = @_;
      ...
  }
  
  sub setAuthSessionInfo {
      my ( $self, $req ) = @_;
      ...
  }
  
  sub authLogout {
      my ( $self, $req ) = @_;
      ...
  }
  
  sub getDisplayType {
      return ...;
  }
  
  1;

DESCRIPTION

Lemonldap::NG::Portal::Main::Auth must be used to build Lemonldap::NG authentication modules. Authentication modules are independent objects that are instantiated by the Lemonldap::NG portal. They must provide the methods described below.

METHODS

Accessors and methods provided by Lemonldap::NG::Portal::Main::Auth

p: portal object
conf: configuration hash (as reference)
logger: alias for p->logger accessor
userLogger: alias for p->userLogger accessor
error: alias for p->error method
authnLevel: Lemonldap::NG authentication level

"Routes" management

Like each module that inherits from Lemonldap::NG::Portal::Plugin, Lemonldap::NG::Portal::Main::Auth provides URI path functions:

addAuthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try addAuthRoute() method
addUnauthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try addUnauthRoute() method

Example:

  sub init {
      ...
      $self->addAuthRoute( saml => { proxy => "proxySub" }, [ 'GET', 'POST' ] );
      ...
  }
  sub proxySub {
      my ( $self, $req ) = @_;
      ...
      # This sub must return a PSGI response. Example
      return [ 302, [ Location => 'http://x.y/' ], [] ];
  }

This means that requests to http://auth.../saml/proxy will be handed to the proxySub() method.

Methods that must be provided by an authentication module

init()

Method launched after object creation (after each configuration reload). It must return a true value if the authentication module is ready, and a false value otherwise.

Methods called at each request

All these methods must return a Lemonldap::NG::Portal::Main::Constants value. They are called with one argument: a Lemonldap::NG::Portal::Main::Request object.

Note: if you want to change the next steps of process(), you just have to change the $req->steps array.

extractFormInfo($req)

First authentication method called during authentication process. It must set $req->user that will be used by the userDB object to get user information.

authenticate($req)

Last method called during authentication process.

setAuthSessionInfo($req)

Method that must at least set $req->{sessionInfo}->{authenticationLevel} to an integer that indicates the strength of the authentication.

Proposed levels:

1: low level
2: web form level
3: session based level (Kerberos for example)
5: strong authentication

authForce($req)

authLogout($req)

LOGGING

Logging is provided by $self->logger and $self->userLogger. The following rules must be applied:

logger->debug: technical debugging messages
logger->info: simple technical information
logger->notice: technical information that could interest administrators
logger->warn: technical warning
logger->error: error that must be reported to administrator
userLogger->info: simple information about user's action
userLogger->notice: information that may be registered (auth success,...)
userLogger->warn: bad action of a user (auth failure). Auth/Combination transforms it to "info" when another authentication scheme is available
userLogger->error: bad action of a user that must be reported (even if another backend is available with Combination)
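
The skeleton from the SYNOPSIS filled in, following the method contract and the logging rules above. This is an added example, not code from the LemonLDAP::NG project. Assumptions: the configuration key myAuthUsers is hypothetical, the request object is assumed to offer a Plack-style param() method, and PE_FORMEMPTY, PE_BADCREDENTIALS and the 'standardform' display type are assumed to be available in the installed version.

```perl
package Lemonldap::NG::Portal::Auth::My;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_FORMEMPTY PE_BADCREDENTIALS);
our $VERSION = '0.1';
extends 'Lemonldap::NG::Portal::Main::Auth';

# Assumption: "myAuthUsers" is a hypothetical configuration key holding
# { login => crypt(3) hash }; it is not a LemonLDAP::NG parameter.
sub init {
    my ($self) = @_;
    return 1 if ref $self->conf->{myAuthUsers} eq 'HASH';
    $self->logger->error('myAuthUsers is missing or is not a hash');
    return 0;    # false: module is not ready
}

sub extractFormInfo {
    my ( $self, $req ) = @_;
    # Assumed Plack-style param(); scalar context yields a single value
    my $user = $req->param('user');
    return PE_FORMEMPTY unless defined $user and length $user;
    $req->user($user);    # used by the userDB object
    return PE_OK;
}

sub authenticate {
    my ( $self, $req ) = @_;
    my $pwd  = $req->param('password');
    my $hash = $self->conf->{myAuthUsers}->{ $req->user };
    my $got  = ( defined $pwd and defined $hash ) ? crypt( $pwd, $hash ) : undef;
    unless ( defined $got and $got eq $hash ) {
        # Same log level and return code for unknown login and bad password
        $self->userLogger->warn( 'Authentication failed for ' . $req->user );
        return PE_BADCREDENTIALS;
    }
    $self->userLogger->notice( $req->user . ' authenticated' );
    return PE_OK;
}

sub setAuthSessionInfo {
    my ( $self, $req ) = @_;
    # Fall back to 2 (web form level) when no level is configured
    $req->{sessionInfo}->{authenticationLevel} = $self->authnLevel // 2;
    return PE_OK;
}

sub authLogout { return PE_OK }
# Assumption: 'standardform' selects the portal's login/password form
sub getDisplayType { return 'standardform' }
1;
```

The password is never written to either logger, and a failed login is reported through userLogger->warn so that Auth/Combination can downgrade it when another scheme is available.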

AUTHORS

LemonLDAP::NG team http://lemonldap-ng.org/team

BUG REPORT

Use OW2 system to report bug or ask for features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues

DOWNLOAD

Lemonldap::NG is available at http://forge.objectweb.org/project/showfiles.php?group_id=274

COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.