Lemonldap::NG::Portal::AuthSsl - Perl extension for building Lemonldap compatible portals based on SSL v3 mechanisms.
use Lemonldap::NG::Portal::AuthSsl; my $portal = new Lemonldap::NG::Portal( domain => 'gendarmerie.defense.gouv.fr', storageModule => 'Apache::Session::MySQL', storageOptions => { DataSource => 'dbi:mysql:database', UserName => 'db_user', Password => 'db_password', TableName => 'sessions', }, ldapServer => 'ldap.domaine.com', cookie_secure => 1, ); # Example of overloading: choose the LDAP variables to store $portal->{setSessionInfo} = sub { my ($self) = @_; foreach $_ qw(uid cn mail appli) { $self->{sessionInfo}->{$_} = $entry->get_value($_); } PE_OK; }; if($portal->process()) { # Write here the menu with CGI methods. This page is displayed ONLY IF # the user was not redirected here. print $portal->header; # DON'T FORGET THIS (see CGI(3)) print "..."; # or redirect the user to the menu print $portal->redirect( -uri => 'https://portal/menu'); } else { # Write here the html form used to authenticate with CGI methods. # $portal->error returns the error message if athentification failed # Warning: by defaut, input names are "user" and "password" print $portal->header; # DON'T FORGET THIS (see CGI(3)) print "..."; print '<form method="POST">'; # In your form, the following value is required for redirection print '<input type="hidden" name="url" value="'.$portal->param('url').'">'; # Next, login and password print 'Login : <input name="user"><br>'; print 'Password : <input name="pasword" type="password" autocomplete="off">'; print '</form>'; }
Modify your httpd.conf:
<Location /My/File> SSLVerifyClient require SSLOptions +ExportCertData +CompatEnvVars +StdEnvVars </Location>
Lemonldap is a simple Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application (they just have to read some headers for accounting).
It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space. There are two ways to build a cross domain authentication:
Cross domain authentication itself (Lemonldap::Portal::Cda (not yet implemented in Lemonldap::NG))
"Liberty Alliance" (Lemonldap::LibertyAlliance::*)
This library just overload few methods of Lemonldap::NG::Portal to use Apache SSLv3 mechanism: we've just to verify that $ENV{SSL_CLIENT_S_DN_Email} exists. So remenber to export SSL variables to CGI.
See Lemonldap::NG::Portal for usage and other methods.
Lemonldap::NG::Portal(3)
Xavier Guimard, <x.guimard@free.fr>
Copyright (C) 2005 by Xavier Guimard <x.guimard@free.fr>
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.
Lemonldap was originaly written by Eric german who decided to publish him in 2003 under the terms of the GNU General Public License version 2. Lemonldap::NG is a complete rewrite of Lemonldap and is able to have different policies in a same Apache virtual host.
To install Lemonldap::NG::Portal, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Lemonldap::NG::Portal
CPAN shell
perl -MCPAN -e shell install Lemonldap::NG::Portal
For more information on module installation, please visit the detailed CPAN module installation guide.