Lemonldap::NG::Portal::AuthSsl 0.02 review

Download
by rbytes.net on

Lemonldap::NG::Portal::AuthSsl is a Perl extension for building Lemonldap compatible portals based on SSL v3 mechanisms. SYNOPSIS

License: Perl Artistic License
File size: 7K
Developer: Xavier Guimard
0 stars award from rbytes.net

Lemonldap::NG::Portal::AuthSsl is a Perl extension for building Lemonldap compatible portals based on SSL v3 mechanisms.

SYNOPSIS

use Lemonldap::NG::Portal::AuthSsl;
my $portal = new Lemonldap::NG::Portal(
domain => 'gendarmerie.defense.gouv.fr',
storageModule => 'Apache::Session::MySQL',
storageOptions => {
DataSource => 'dbi:mysql:database',
UserName => 'db_user',
Password => 'db_password',
TableName => 'sessions',
},
ldapServer => 'ldap.domaine.com',
cookie_secure => 1,
);
# Example of overloading: choose the LDAP variables to store
$portal->{setSessionInfo} = sub {
my ($self) = @_;
foreach $_ qw(uid cn mail appli) {
$self->{sessionInfo}->{$_} = $entry->get_value($_);
}
PE_OK;
};

if($portal->process()) {
# Write here the menu with CGI methods. This page is displayed ONLY IF
# the user was not redirected here.
print $portal->header; # DON'T FORGET THIS (see CGI(3))
print "...";

# or redirect the user to the menu
print $portal->redirect( -uri => 'https://portal/menu');
}
else {
# Write here the html form used to authenticate with CGI methods.
# $portal->error returns the error message if athentification failed
# Warning: by defaut, input names are "user" and "password"
print $portal->header; # DON'T FORGET THIS (see CGI(3))
print "...";
print '< form method="POST" >';
# In your form, the following value is required for redirection
print '< input type="hidden" name="url" value="'.$portal->param('url').'" >';
# Next, login and password
print 'Login : < input name="user" >< br >';
print 'Password : < input name="pasword" type="password" autocomplete="off" >';
print '< /form >';
}
Modify your httpd.conf:
< Location /My/File >
SSLVerifyClient require
SSLOptions +ExportCertData +CompatEnvVars +StdEnvVars
< /Location >

Lemonldap is a simple Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application (they just have to read some headers for accounting).

It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space. There are two ways to build a cross domain authentication:

Cross domain authentication itself (Lemonldap::Portal::Cda (not yet implemented in Lemonldap::NG))

"Liberty Alliance" (Lemonldap::LibertyAlliance::*)

This library just overload few methods of Lemonldap::NG::Portal to use Apache SSLv3 mechanism: we've just to verify that $ENV{SSL_CLIENT_S_DN_Email} exists. So remenber to export SSL variables to CGI.

See Lemonldap::NG::Portal for usage and other methods.

Requirements:
Perl

Lemonldap::NG::Portal::AuthSsl 0.02 keywords