| Authentication | Users | Password | 
	
		| ✔ | ✔ |  | 
This module is a 
LL::NG specific identity federation protocol. You may rather use standards protocols like 
SAML, 
OpenID or 
CAS.
 
-  The main portal is configured to use  CDA- . The secondary portal is declared in the Manager of the main  LL::NG-  structure (else user will be rejected). 
-  The portal of the secondary  LL::NG-  structure is configured to delegate authentication to a remote portal. A request to the main session database is done (trough  SOAP session backend- ) to be sure that the session exists. 
-  If  - exportedAttr-  is set, only those attributes are copied in the session database of the secondary  LL::NG-  structure. Else, all data are copied in the session database. 
 
-  User tries to access to an application in the secondary  LL::NG-  structure without having a session in this area 
-  Redirection to the portal of the secondary area (transparent) 
-  Redirection to the portal of the main area and normal authentication (if not done before) 
-  Redirection to the portal of the secondary area (transparent) 
-  Secondary portal check if remote session is available. It can be done via direct access to the session database or using  SOAP-  access. Then it creates the session (with attribute filter) 
-  User can now access to the protected application 
Note that if the user is already authenticated on the first portal, all redirections are transparent.
 
Configure the portal to use the remote LL::NG structure.
In Manager, go in General Parameters » Authentication modules and choose Remote for authentication and users.
Then, go in Remote parameters: 
 
Using this, we can do a very simple interoperability system between 2 organizations using two LL::NG structures:
So on each main portal, internal users can access normally, and users issued from the other organization have just to click on the link:
 
-  One user tries to access to the portal 
-  External user clicks to be redirected to the remote type portal 
-  After redirection, normal authentication in the remote portal 
-  Redirection to the remote type portal 
-  Validation of the session: external user has now a local session