Allows simple switch between templated splash page and preauth login script.
Disabled:
option login_option_enabled '0'
use config options for FAS if set, or Templated Splash
Enabled:
option login_option_enabled '1'
use preauth login script providing username/email login with access log
Signed-off-by: Rob White <rob@blue-wave.net>
This enhancement allows custom variables generated by FAS
to be sent to Binauth.
FAS can embed custom variables into redir, allowing
local post authentication processing to take place.
Two example scripts are provided.
The first provides sitewide username/password login for two user groups,
Staff and Guest in the example.
Staff has unlimited access, Guest is limited to 10 minutes per session.
The second provides local logging of NDS logins, even with a remote FAS.
The documentation is fully updated.
Signed-off-by: Rob White <rob@blue-wave.net>
redirectURL is now redundant as most CPD implementations immediately close the "splash" page
as soon as NDS authenticates, thus redirectURL will not be shown.
This functionality, ie displaying a particular web page as a final "Landing Page"
can be achieved reliably using FAS, with NDS calling the previous "redirectURL" as the FAS page.
Signed-off-by: Rob White <rob@blue-wave.net>
Simple configuration of fas running on remote shared hosting server.
Encrypt the query string sent to remote FAS.
Documentation Updates.
Bumping to v4.0.0
Signed-off-by: Rob White <rob@blue-wave.net>
This implements redirection to an external authentication
service in place of splash.html.
It introduces four new options:
1. fasport - if set, enables FAS redirection and the value is
the port used for access.
2. fasremoteip - if set is the ip address of the FAS, defaults
to the NDS gateway address for the case of FAS running locally to NDS.
3. faspath - the path on FAS to the login page. Default "/"
4. fas_secure_enabled - if set to "1", the client token is not
revealed and it is the responsibility of the FAS to request
this from NDS. If set to "0", the client token is passed in
clear text in the query string to the FAS.
Firewall settings are automatically configured for access to the FAS.
Binauth can also be configured at the same time to allow a local
script to be called on authentication.
Signed-off-by: Rob White <rob@blue-wave.net>
Often, a client will connect to NDS but not authenticate for a while. When they do, very often the token will have timed out and they are served up infoskel.html.
This is neither mobile or client friendly and leaves them in limbo.
Here is a new version with a button for them to continue. Tested on Apple, Windows, Android and various desktops/laptops.
