NAME

Lemonldap:NG::Portal::Auth - Writing authentication modules for LemonLDAP::NG.

SYNOPSIS

package Lemonldap::NG::Portal::Auth::My;

use strict;
use Mouse;
# Add constants used by this module
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);

our $VERSION = '0.1';

# Directive provides by Mouse
extends 'Lemonldap::NG::Portal::Main::Auth';

sub init {
    ...
}

sub extractFormInfo {
    my ( $self, $req ) = @_;
    ...
}

sub authenticate {
    my ( $self, $req ) = @_;
    ...
}

sub setAuthSessionInfo {
    my ( $self, $req ) = @_;
    ...
}

sub authLogout {
    my ( $self, $req ) = @_;
    ...
}

sub getDisplayType {
    return ...;
}

1;

DESCRIPTION

Lemonldap::NG::Portal::Main::Auth must be used to build Lemonldap::NG authentication modules. Authentication modules are independent objects that are instantiated by Lemonldap::NG portal. They must provide methods described below.

METHODS

Accessors and methods provided by Lemonldap::NG::Portal::Main::Auth

p: portal object
conf: configuration hash (as reference)
logger alias for p->logger accessor
userLogger alias for p->userLogger accessor
error: alias for p->error method
authnLevel: Lemonldap::NG authentication level

"Routes" management

Like each module that inherits from Lemonldap::NG::Portal::Plugin, Lemonldap::NG::Portal::Main::Auth provides URI path functions:

addAuthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try addAuthRoute() method
addUnauthRoute: wrapper to Lemonldap::NG::Handler::PSGI::Try addUnauthRoute() method

Example:

sub init {
    ...
    $self->addAuthRoute( saml => { proxy => "proxySub" }, [ 'GET', 'POST' ] );
    ...
}
sub proxySub {
    my ( $self, $req ) = @_;
    ...
    # This sub must return a PSGI response. Example
    return [ 302, [ Location => 'http://x.y/' ], [] ];
}

This means that requests http://auth.../saml/proxy will be given to proxySub() method.

Methods that must be provided by an authentication module

init()

Method launched after object creation (after each configuration reload). It must return a true value if authentication module is ready, false else.

Methods called at each request

All these methods must return a Lemonldap::NG::Portal::Main::Constants value. They are called with one argument: a Lemonldap::NG::Portal::Main::Request object.

Note: if you want to change process() next steps, you just have to change $req->steps array.

extractFormInfo($req)

First authentication method called during authentication process. It must set $req->user that will be used by the userDB object to get user information.

authenticate($req)

Last method called during authentication process.

setAuthSessionInfo($req)

Method that must at least set $req->{sessionInfo}->{authenticationLevel} to an integer that indicates the strong of authentication.

Proposed levels:

1: low level
2: web form level
3: session based level (Kerberos for example)
5: strong authentication

authForce($req)

authLogout($req)

LOGGING

Logging is provided by $self->logger and $self->userLogger. The following rules must be applied:

logger->debug: technical debugging messages
logger->info: simple technical information
logger->notice: technical information that could interest administrators
logger->warn: technical warning
logger->error: error that must be reported to administrator
userLogger->info: simple information about user's action
userLogger->notice: information that may be registered (auth success,...)
userLogger->warn: bad action of a user (auth failure). Auth/Combination transform it to "info" when another authentication scheme is available
userLogger->error: bad action of a user that must be reported, (even if another backend is available with Combination)

AUTHORS

LemonLDAP::NG team http://lemonldap-ng.org/team

BUG REPORT

Use OW2 system to report bug or ask for features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues

DOWNLOAD

Lemonldap::NG is available at http://forge.objectweb.org/project/showfiles.php?group_id=274

COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.