The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
 / 
Lemonldap-NG-Portal-0.11
River stage zero No dependents
2 ++
/ Lemonldap::NG::Portal::AuthSsl

NAME

Lemonldap::NG::Portal::AuthSsl - Perl extension for building Lemonldap compatible portals based on SSL v3 mechanisms.

SYNOPSIS

  use Lemonldap::NG::Portal::AuthSsl;
  my $portal = new Lemonldap::NG::Portal(
         domain         => 'gendarmerie.defense.gouv.fr',
         storageModule  => 'Apache::Session::MySQL',
         storageOptions => {
           DataSource   => 'dbi:mysql:database',
           UserName     => 'db_user',
           Password     => 'db_password',
           TableName    => 'sessions',
         },
         ldapServer     => 'ldap.domaine.com',
         cookie_secure  => 1,
    );
  # Example of overloading: choose the LDAP variables to store
  $portal->{setSessionInfo} = sub {
    my ($self) = @_;
    foreach $_ qw(uid cn mail appli) {
        $self->{sessionInfo}->{$_} = $entry->get_value($_);
    }
    PE_OK;
  };

  if($portal->process()) {
    # Write here the menu with CGI methods. This page is displayed ONLY IF
    # the user was not redirected here.
    print $portal->header; # DON'T FORGET THIS (see CGI(3))
    print "...";

    # or redirect the user to the menu
    print $portal->redirect( -uri => 'https://portal/menu');
  }
  else {
    # Write here the html form used to authenticate with CGI methods.
    # $portal->error returns the error message if athentification failed
    # Warning: by defaut, input names are "user" and "password"
    print $portal->header; # DON'T FORGET THIS (see CGI(3))
    print "...";
    print '<form method="POST">';
    # In your form, the following value is required for redirection
    print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
    # Next, login and password
    print 'Login : <input name="user"><br>';
    print 'Password : <input name="pasword" type="password" autocomplete="off">';
    print '</form>';
  }

Modify your httpd.conf:

  <Location /My/File>
    SSLVerifyClient require
    SSLOptions +ExportCertData +CompatEnvVars +StdEnvVars
  </Location>

DESCRIPTION

Lemonldap is a simple Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application (they just have to read some headers for accounting).

It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space. There are two ways to build a cross domain authentication:

  • Cross domain authentication itself (Lemonldap::Portal::Cda (not yet implemented in Lemonldap::NG))

  • "Liberty Alliance" (Lemonldap::LibertyAlliance::*)

This library just overload few methods of Lemonldap::NG::Portal to use Apache SSLv3 mechanism: we've just to verify that $ENV{SSL_CLIENT_S_DN_Email} exists. So remenber to export SSL variables to CGI.

See Lemonldap::NG::Portal for usage and other methods.

SEE ALSO

Lemonldap::NG::Portal(3)

AUTHOR

Xavier Guimard, <x.guimard@free.fr>

COPYRIGHT AND LICENSE

Copyright (C) 2005 by Xavier Guimard <x.guimard@free.fr>

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.

Lemonldap was originaly written by Eric german who decided to publish him in 2003 under the terms of the GNU General Public License version 2. Lemonldap::NG is a complete rewrite of Lemonldap and is able to have different policies in a same Apache virtual host.