Lemonldap::NG::Portal::Main::Issuer(3)  User Contributed Perl Documentation  Lemonldap::NG::Portal::Main::Issuer(3)

NAME

       Lemonldap::NG::Portal::Main::Issuer - Base class for identity
       providers.

SYNOPSIS

         package Lemonldap::NG::Portal::Issuer::My;
         use strict;
         use Mouse;
         extends 'Lemonldap::NG::Portal::Main::Issuer';
         use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);

         # Required: URL root path
         use constant path => 'saml';

         # Optional initialization method
         sub init {
             my ($self) = @_;
             ...
             # Must return 1 (succeed) or 0 (failure)
             return 1;
         }

         # Required methods are run() and logout(), they are launched only for
         # authenticated users
         # $req is a Lemonldap::NG::Portal::Main::Request object
         # They must return a Lemonldap::NG::Portal::Main::Constants constant
         sub run {
             my ( $self, $req ) = @_;
             ...
             return PE_OK;
         }

         sub logout {
             my ( $self, $req ) = @_;
             ...
             return PE_OK;
         }
         1;

DESCRIPTION

       Lemonldap::NG::Portal::Main::Issuer is a base class to write identity
       providers for the Lemonldap::NG web-SSO system. It provides several
       methods to easily write an IdP and to manage authentication if the
       identity request comes before authentication.

WRITING AN IDENTITY PROVIDER

       To write a classic identity provider, you just have to inherit from
       this class and write run() and logout() methods. These methods must
       return a Lemonldap::NG::Portal::Main::Constants constant.

       A classic identity provider needs a "issuerDB>XXX<Path" parameter in
       LLNG configuration to declare its base URI path (see
       Lemonldap::NG::Manager::Build). Example: /saml/. Only requests that
       start with /saml/ will call run(), after authentication if needed.

       The logout() function is called when the user asks for logout on this
       server. If you want to write an identity provider, you must implement a
       single logout system.

   managing other URI path
       Lemonldap::NG::Portal::Main::Issuer provides methods to bind a method
       to a URI path:

       addAuthRoute() for authenticated users
       addUnauthRoute() for unauthenticated users

       They must be called during the initialization process (so you must
       write the optional init() sub).

       Be careful with "add*authRoute()": you can't catch your root path here
       (= path declared in "$self->path") because it is caught by this module,
       but you can catch sub-routes (i.e. "/path/something").

       Example:

         sub init {
             my ($self) = @_;
             ...
             $self->addUnauthRoute( saml => { soap => 'soapServer' }, [ 'POST' ] );
             return 1;
         }
         sub soapServer {
             my ( $self, $req ) = @_;
             ...
             # You must return a valid PSGI response
             return [ 200, [ 'Content-Type' => 'application/xml' ], [] ];
         }

   avoid conflicts in path
       If you share your base URI path with another plugin (an "Auth::*"
       module for example), it is recommended to write an "ssoMatch" function
       that returns true if "$req->uri" has to be handled by the Issuer
       module. See "Issuer::SAML" or "Issuer::OpenIDConnect" for examples.
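
       The following stand-alone sketch is an added example, not
       LemonLDAP::NG code. It shows one way to write an "ssoMatch" that
       claims only the issuer's own path segment. Demo::Request and
       Demo::Issuer are hypothetical stand-ins and the sample URIs are
       constructed.

```perl
#!/usr/bin/perl
# Added example: stand-alone sketch, not LemonLDAP::NG code.
use strict;
use warnings;

# Hypothetical stand-in for the request object; only uri() is modelled,
# because that is the only accessor the page names for ssoMatch.
package Demo::Request {
    sub new { my ( $class, $uri ) = @_; return bless { uri => $uri }, $class }
    sub uri { return $_[0]->{uri} }
}

# Hypothetical issuer sharing the portal with other plugins.
package Demo::Issuer {
    use constant path => 'saml';    # same root path as in the SYNOPSIS

    sub new { return bless {}, shift }

    # True only when the URI path is exactly /saml or lies below /saml/.
    # The match is anchored at both ends of the first path segment, so
    # look-alike paths such as /samlx or /app/saml/ stay with other plugins.
    sub ssoMatch {
        my ( $self, $req ) = @_;
        my $root = quotemeta( $self->path );

        # Assumption: uri() may carry a query string or fragment; drop it
        # so that a path quoted inside a parameter can never match.
        ( my $p = $req->uri ) =~ s/[?#].*//s;
        return $p =~ m{\A/$root(?:/|\z)} ? 1 : 0;
    }
}

package main;

my $issuer = Demo::Issuer->new;

# Constructed sample URIs
for my $uri (
    '/saml/singleSignOn', '/saml', '/saml?x=1',
    '/samlx/login',       '/app/saml/soap', '/?url=/saml/'
  )
{
    printf "%-22s %s\n", $uri,
      $issuer->ssoMatch( Demo::Request->new($uri) ) ? 'issuer' : 'not issuer';
}
```

       The first three URIs are claimed by the issuer; the last three are
       left to other plugins.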

SEE ALSO

       <http://lemonldap-ng.org/>

AUTHORS

       LemonLDAP::NG team <http://lemonldap-ng.org/team>

BUG REPORT

       Use OW2 system to report bug or ask for features:
       <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

DOWNLOAD

       Lemonldap::NG is available at <https://lemonldap-ng.org/download>

       See COPYING file for details.

       This library is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2, or (at your option) any
       later version.

       This program is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       General Public License for more details.

       You should have received a copy of the GNU General Public License along
       with this program.  If not, see <http://www.gnu.org/licenses/>.

perl v5.36.1                      2023-11-14         Lemonldap::NG::Portal::Main::Issuer(3)