Scroll to navigation

Lemonldap::NG::Portal::Auth(3pm) User Contributed Perl Documentation Lemonldap::NG::Portal::Auth(3pm)

NAME

Lemonldap:NG::Portal::Auth - Writing authentication modules for LemonLDAP::NG.

SYNOPSIS

  package Lemonldap::NG::Portal::Auth::My;
  
  use strict;
  use Mouse;
  # Add constants used by this module
  use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);
  
  our $VERSION = '0.1';
  
  # Directive provides by Mouse
  extends 'Lemonldap::NG::Portal::Main::Auth';
  sub init {
      ...
  }
  
  sub extractFormInfo {
      my ( $self, $req ) = @_;
      ...
  }
  
  sub authenticate {
      my ( $self, $req ) = @_;
      ...
  }
  
  sub setAuthSessionInfo {
      my ( $self, $req ) = @_;
      ...
  }
  
  sub authLogout {
      my ( $self, $req ) = @_;
      ...
  }
  
  sub getDisplayType {
      return ...;
  }
  
  1;

DESCRIPTION

Lemonldap::NG::Portal::Main::Auth must be used to build Lemonldap::NG authentication modules. Authentication modules are independent objects that are instantiated by Lemonldap::NG portal. They must provide methods described below.

METHODS

Accessors and methods provided by Lemonldap::NG::Portal::Main::Auth

"Routes" management

Like each module that inherits from Lemonldap::NG::Portal::Plugin, Lemonldap::NG::Portal::Main::Auth provides URI path functions:

Example:

  sub init {
      ...
      $self->addAuthRoute( saml => { proxy => "proxySub" }, [ 'GET', 'POST' ] );
      ...
  }
  sub proxySub {
      my ( $self, $req ) = @_;
      ...
      # This sub must return a PSGI response. Example
      return [ 302, [ Location => 'http://x.y/' ], [] ];
  }

This means that requests http://auth.../saml/proxy will be given to proxySub() method.

Methods that must be provided by an authentication module

init()

Method launched after object creation (after each configuration reload). It must return a true value if authentication module is ready, false else.

Methods called at each request

All these methods must return a Lemonldap::NG::Portal::Main::Constants value. They are called with one argument: a Lemonldap::NG::Portal::Main::Request object.

Note: if you want to change process() next steps, you just have to change $req->steps array.

extractFormInfo($req)

First authentication method called during authentication process. It must set $req->user that will be used by the userDB object to get user information.

authenticate($req)

Last method called during authentication process.

setAuthSessionInfo($req)

Method that must at least set $req->{sessionInfo}->{authenticationLevel} to an integer that indicates the strong of authentication.

Proposed levels:

1: low level
2: web form level
3: session based level (Kerberos for example)
5: strong authentication

authForce($req)

authLogout($req)

LOGGING

Logging is provided by $self->logger and $self->userLogger. The following rules must be applied:

AUTHORS

http://lemonldap-ng.org/team>

BUG REPORT

Use OW2 system to report bug or ask for features: <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

DOWNLOAD

Lemonldap::NG is available at <https://lemonldap-ng.org/download>

COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

2022-02-17 perl v5.34.0