.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . 
\} .\} .rr rF .\" ======================================================================== .\" .IX Title "Lemonldap::NG::Portal::Auth 3pm" .TH Lemonldap::NG::Portal::Auth 3pm "2021-07-28" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Lemonldap::NG::Portal::Auth \- Writing authentication modules for LemonLDAP::NG. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& package Lemonldap::NG::Portal::Auth::My; \& \& use strict; \& use Mouse; \& # Add constants used by this module \& use Lemonldap::NG::Portal::Main::Constants qw(PE_OK); \& \& our $VERSION = \*(Aq0.1\*(Aq; \& \& # Directive provided by Mouse \& extends \*(AqLemonldap::NG::Portal::Main::Auth\*(Aq; \& \& sub init { \& ... \& } \& \& sub extractFormInfo { \& my ( $self, $req ) = @_; \& ... \& } \& \& sub authenticate { \& my ( $self, $req ) = @_; \& ... \& } \& \& sub setAuthSessionInfo { \& my ( $self, $req ) = @_; \& ... \& } \& \& sub authLogout { \& my ( $self, $req ) = @_; \& ... \& } \& \& sub getDisplayType { \& return ...; \& } \& \& 1; .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" Lemonldap::NG::Portal::Main::Auth must be used to build Lemonldap::NG authentication modules. Authentication modules are independent objects that are instantiated by the Lemonldap::NG portal. They must provide the methods described below. 
.SH "METHODS" .IX Header "METHODS" .SS "Accessors and methods provided by Lemonldap::NG::Portal::Main::Auth" .IX Subsection "Accessors and methods provided by Lemonldap::NG::Portal::Main::Auth" .IP "p: portal object" 4 .IX Item "p: portal object" .PD 0 .IP "conf: configuration hash (as reference)" 4 .IX Item "conf: configuration hash (as reference)" .IP "logger alias for p\->logger accessor" 4 .IX Item "logger alias for p->logger accessor" .IP "userLogger alias for p\->userLogger accessor" 4 .IX Item "userLogger alias for p->userLogger accessor" .IP "error: alias for p\->error method" 4 .IX Item "error: alias for p->error method" .IP "authnLevel: Lemonldap::NG authentication level" 4 .IX Item "authnLevel: Lemonldap::NG authentication level" .PD .PP \fI\*(L"Routes\*(R" management\fR .IX Subsection "Routes management" .PP Like every module that inherits from Lemonldap::NG::Portal::Plugin, Lemonldap::NG::Portal::Main::Auth provides \s-1URI\s0 path functions: .IP "addAuthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try \fBaddAuthRoute()\fR method" 4 .IX Item "addAuthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try addAuthRoute() method" .PD 0 .IP "addUnauthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try \fBaddUnauthRoute()\fR method" 4 .IX Item "addUnauthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try addUnauthRoute() method" .PD .PP Example: .PP .Vb 11 \& sub init { \& ... \& $self\->addAuthRoute( saml => { proxy => "proxySub" }, [ \*(AqGET\*(Aq, \*(AqPOST\*(Aq ] ); \& ... \& } \& sub proxySub { \& my ( $self, $req ) = @_; \& ... \& # This sub must return a PSGI response. Example \& return [ 302, [ Location => \*(Aqhttp://x.y/\*(Aq ], [] ]; \& } .Ve .PP This means that requests to http://auth.../saml/proxy will be given to the \fBproxySub()\fR method. Since the route is declared with addAuthRoute, it applies to authenticated users; use addUnauthRoute only for handlers that are meant to be reachable without authentication. 
.SS "Methods that must be provided by an authentication module" .IX Subsection "Methods that must be provided by an authentication module" \fI\f(BIinit()\fI\fR .IX Subsection "init()" .PP Method launched after object creation (after each configuration reload). It must return a true value if the authentication module is ready, and a false value otherwise. .PP \fIMethods called at each request\fR .IX Subsection "Methods called at each request" .PP All these methods must return a Lemonldap::NG::Portal::Main::Constants value. They are called with one argument: a Lemonldap::NG::Portal::Main::Request object. .PP Note: if you want to change the next steps of \fBprocess()\fR, you just have to change the \&\f(CW$req\fR\->steps array. .PP extractFormInfo($req) .IX Subsection "extractFormInfo($req)" .PP First authentication method called during the authentication process. It must set \&\f(CW$req\fR\->user, which will be used by the userDB object to get user information. .PP authenticate($req) .IX Subsection "authenticate($req)" .PP Last method called during the authentication process. .PP setAuthSessionInfo($req) .IX Subsection "setAuthSessionInfo($req)" .PP Method that must at least set \f(CW$req\fR\->{sessionInfo}\->{authenticationLevel} to an integer that indicates the strength of the authentication. .PP Proposed levels: .IP "1: low level" 4 .IX Item "1: low level" .PD 0 .IP "2: web form level" 4 .IX Item "2: web form level" .IP "3: session based level (Kerberos for example)" 4 .IX Item "3: session based level (Kerberos for example)" .IP "5: strong authentication" 4 .IX Item "5: strong authentication" .PD .PP authForce($req) .IX Subsection "authForce($req)" .PP authLogout($req) .IX Subsection "authLogout($req)" .SH "LOGGING" .IX Header "LOGGING" Logging is provided by \f(CW$self\fR\->logger and \f(CW$self\fR\->userLogger. 
The following rules must be applied: .IP "logger\->debug: technical debugging messages" 4 .IX Item "logger->debug: technical debugging messages" .PD 0 .IP "logger\->info: simple technical information" 4 .IX Item "logger->info: simple technical information" .IP "logger\->notice: technical information that could interest administrators" 4 .IX Item "logger->notice: technical information that could interest administrators" .IP "logger\->warn: technical warning" 4 .IX Item "logger->warn: technical warning" .IP "logger\->error: error that must be reported to administrator" 4 .IX Item "logger->error: error that must be reported to administrator" .IP "userLogger\->info: simple information about user's action" 4 .IX Item "userLogger->info: simple information about user's action" .IP "userLogger\->notice: information that may be registered (auth success,...)" 4 .IX Item "userLogger->notice: information that may be registered (auth success,...)" .ie n .IP "userLogger\->warn: bad action of a user (auth failure). Auth/Combination transforms it to ""info"" when another authentication scheme is available" 4 .el .IP "userLogger\->warn: bad action of a user (auth failure). Auth/Combination transforms it to ``info'' when another authentication scheme is available" 4 .IX Item "userLogger->warn: bad action of a user (auth failure). 
Auth/Combination transforms it to info when another authentication scheme is available" .IP "userLogger\->error: bad action of a user that must be reported, (even if another backend is available with Combination)" 4 .IX Item "userLogger->error: bad action of a user that must be reported, (even if another backend is available with Combination)" .PD .PP Because Auth/Combination turns userLogger\->warn into info when another scheme is available, an authentication failure against one scheme of a combination may only appear at info level in the user log. .SH "AUTHORS" .IX Header "AUTHORS" .IP "LemonLDAP::NG team " 4 .IX Item "LemonLDAP::NG team " .SH "BUG REPORT" .IX Header "BUG REPORT" Use \s-1OW2\s0 system to report bugs or ask for features: .SH "DOWNLOAD" .IX Header "DOWNLOAD" Lemonldap::NG is available at .SH "COPYRIGHT AND LICENSE" .IX Header "COPYRIGHT AND LICENSE" See \s-1COPYING\s0 file for details. .PP This library is free software; you can redistribute it and/or modify it under the terms of the \s-1GNU\s0 General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. .PP This program is distributed in the hope that it will be useful, but \s-1WITHOUT ANY WARRANTY\s0; without even the implied warranty of \&\s-1MERCHANTABILITY\s0 or \s-1FITNESS FOR A PARTICULAR PURPOSE.\s0 See the \&\s-1GNU\s0 General Public License for more details. .PP You should have received a copy of the \s-1GNU\s0 General Public License along with this program. If not, see .