The Portal
The Portal is the main component of LL::NG. It provides many features:
- Authentication service of course
- Web based for normal users:
- using own database (LDAP, SQL, ...)
- using web server authentication system (used for
SSL, Kerberos,
HTTP basic authentication, ...)
- using external identity provider (SAML,
OpenID, CAS,
Twitter, other LL::NG system, ...)
- all together (based on user choice,
rules, ...)
- SOAP based and
REST based for client-server software,
specific development, ...
- Identity provider: LL::NG is able to provide identity service
using:
- Identity provider proxy: LL::NG can be
used as proxy translator between systems talking SAML, OpenID, CAS,
...
- Internal SOAP server used by
SOAP configuration backend and usable for
specific development (see SOAP services for
more)
- Internal REST server used by
REST configuration backend and usable for
specific development (see REST services for
more)
- Interactive management of user passwords:
- Password change form (in menu)
- Self service reset (send a mail to the user with a to change the
password)
- Force password change with LDAP password policy password reset
flag
- Application menu: display authorized
applications in categories
- Notifications: prompt users with a message
if found in the notification database
- Second factors management
How it works
LL::NG portal is a modular component. It needs 4 modules to work:
Tip
Each module can be disabled using the Null backend.
Kinematics
- Check if requested URL is valid
- Check if user is already authenticated
- If not authenticated (or authentication is forced), try to find
(userDB module) and authenticate him (auth module), collect user data,
compute groups and macros, ask for second factor if required,
create a session and store it. LL::NG affords a captcha feature
which can be enabled.
- Modify password if asked (password module)
- Provide identity if asked (IdP module)
- Build cookie(s)
- Redirect user to the asked URL or display dynamic menu
URL parameters
Some parameters in URL can change Portal behaviour:
- confirm: Bypass confirmation page (for example: confirm=1)
- llnglanguage: Force lang used to display the page (for example: llnglanguage=fr)
- logout: Launch logout process (for example: logout=1)
- tab: Preselect a tab (Choice or Menu) (for example: tab=password)
- setCookieLang: Update lang cookie to keep language set with llnglanguage parameter
(for example: setCookieLang=1)