Lemonldap::NG::Portal::Auth(3)    User Contributed Perl Documentation    Lemonldap::NG::Portal::Auth(3)

Lemonldap::NG::Portal::Auth - Writing authentication modules for
LemonLDAP::NG.

    package Lemonldap::NG::Portal::Auth::My;

    use strict;
    use Mouse;
    # Add constants used by this module
    use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);

    our $VERSION = '0.1';

    # Directive provided by Mouse
    extends 'Lemonldap::NG::Portal::Main::Auth';

    sub init {
        ...
    }

    sub extractFormInfo {
        my ( $self, $req ) = @_;
        ...
    }

    sub authenticate {
        my ( $self, $req ) = @_;
        ...
    }

    sub setAuthSessionInfo {
        my ( $self, $req ) = @_;
        ...
    }

    sub authLogout {
        my ( $self, $req ) = @_;
        ...
    }

    sub getDisplayType {
        return ...;
    }

    1;

Lemonldap::NG::Portal::Main::Auth must be used to build Lemonldap::NG
authentication modules. Authentication modules are independent objects
that are instantiated by the Lemonldap::NG portal. They must provide
the methods described below.

Accessors and methods provided by Lemonldap::NG::Portal::Main::Auth

    p: portal object
    conf: configuration hash (as reference)
    logger: alias for p->logger accessor
    userLogger: alias for p->userLogger accessor
    error: alias for p->error method
    authnLevel: Lemonldap::NG authentication level

"Routes" management

Like each module that inherits from Lemonldap::NG::Portal::Plugin,
Lemonldap::NG::Portal::Main::Auth provides URI path functions:

    addAuthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try
    addAuthRoute() method
    addUnauthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try
    addUnauthRoute() method

Example:

    sub init {
        my ($self) = @_;
        ...
        $self->addAuthRoute( saml => { proxy => "proxySub" }, [ 'GET', 'POST' ] );
        ...
    }
    sub proxySub {
        my ( $self, $req ) = @_;
        ...
        # This sub must return a PSGI response. Example:
        return [ 302, [ Location => 'http://x.y/' ], [] ];
    }

This means that requests to http://auth.../saml/proxy will be handed to
the proxySub() method.

Methods that must be provided by an authentication module

init()

Method launched after object creation (after each configuration
reload). It must return a true value if the authentication module is
ready, false otherwise.

Methods called at each request

All these methods must return a Lemonldap::NG::Portal::Main::Constants
value. They are called with one argument: a
Lemonldap::NG::Portal::Main::Request object.

Note: if you want to change the next steps of process(), you just have
to change the $req->steps array.

extractFormInfo($req)

First authentication method called during the authentication process.
It must set $req->user, which will be used by the userDB object to get
user information.

authenticate($req)

Last method called during the authentication process.

setAuthSessionInfo($req)

Method that must at least set
$req->{sessionInfo}->{authenticationLevel} to an integer that indicates
the strength of the authentication.

Proposed levels:

    1: low level
    2: web form level
    3: session based level (Kerberos for example)
    5: strong authentication

authForce($req)

authLogout($req)

Logging is provided by $self->logger and $self->userLogger. The
following rules must be applied:

    logger->debug: technical debugging messages
    logger->info: simple technical information
    logger->notice: technical information that could interest
    administrators
    logger->warn: technical warning
    logger->error: error that must be reported to the administrator
    userLogger->info: simple information about a user's action
    userLogger->notice: information that may be registered (auth
    success,...)
    userLogger->warn: bad action of a user (auth failure). Auth/Combination
    transforms it to "info" when another authentication scheme is available
    userLogger->error: bad action of a user that must be reported (even if
    another backend is available with Combination)
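
The per-request methods and the userLogger rules above, as an added stand-alone sketch (not code from LemonLDAP::NG). StubLogger, StubReq, My::Auth, the %users table and the numeric PE_* values are constructed stand-ins so that it runs with core Perl only; a real module extends Lemonldap::NG::Portal::Main::Auth and imports its constants from Lemonldap::NG::Portal::Main::Constants.

```perl
use strict;
use warnings;
package StubLogger {    # stand-in logger: records "level: message" lines
    sub new    { bless [], shift }
    sub warn   { push @{ $_[0] }, "warn: $_[1]" }
    sub notice { push @{ $_[0] }, "notice: $_[1]" }
}
package StubReq {       # stand-in for the Request object
    sub new  { my ( $c, %f ) = @_; bless { form => {%f}, sessionInfo => {} }, $c }
    sub user { my $s = shift; $s->{user} = shift if @_; $s->{user} }
}
package My::Auth {      # stand-in for a Main::Auth subclass; PE_* values are placeholders
    use constant { PE_OK => 0, PE_FORMEMPTY => 1, PE_BADCREDENTIALS => 2 };
    my %users = ( dwho => 'constructed-password' );    # constructed sample data
    sub new        { my ( $c, %a ) = @_; bless {%a}, $c }
    sub userLogger { $_[0]{userLogger} }
    sub authnLevel { $_[0]{authnLevel} }
    sub extractFormInfo {
        my ( $self, $req ) = @_;
        my ( $u, $p ) = @{ $req->{form} }{qw(user password)};
        return PE_FORMEMPTY unless length( $u // '' ) and length( $p // '' );
        $req->user($u);    # later used by the userDB object
        return PE_OK;
    }
    sub authenticate {
        my ( $self, $req ) = @_;
        my $u = $req->user;
        if ( ( $users{$u} // '' ) eq $req->{form}{password} ) {
            $self->userLogger->notice("auth success for $u");    # may be registered
            return PE_OK;
        }
        $self->userLogger->warn("auth failure for $u");          # bad user action
        return PE_BADCREDENTIALS;
    }
    sub setAuthSessionInfo {
        my ( $self, $req ) = @_;
        $req->{sessionInfo}->{authenticationLevel} = $self->authnLevel;
        return PE_OK;
    }
}
package main;
my $auth = My::Auth->new( userLogger => StubLogger->new, authnLevel => 2 );
for my $pw ( 'wrong', 'constructed-password' ) {
    my $req = StubReq->new( user => 'dwho', password => $pw );
    for my $step (qw(extractFormInfo authenticate setAuthSessionInfo)) {
        last if $auth->$step($req);    # any code other than PE_OK stops the chain
    }
    print 'level=', $req->{sessionInfo}{authenticationLevel} // 'none', "\n";
}
print "$_\n" for @{ $auth->userLogger };
```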

LemonLDAP::NG team <http://lemonldap-ng.org/team>

Use the OW2 system to report bugs or ask for features:
<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

Lemonldap::NG is available at <https://lemonldap-ng.org/download>

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.

perl v5.36.1    2023-11-14    Lemonldap::NG::Portal::Auth(3)