Annotation of loncom/auth/lonshibauth.pm, revision 1.8
1.1 raeburn 1: # The LearningOnline Network
2: # Redirect Shibboleth authentication to designated URL (/adm/sso).
3: #
1.8 ! raeburn 4: # $Id: lonshibauth.pm,v 1.7 2021/10/07 15:51:16 raeburn Exp $
1.1 raeburn 5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28:
29: =head1 NAME
30:
31: Apache::lonshibauth - Redirect Shibboleth authentication
32:
33: =head1 SYNOPSIS
34:
35: Invoked when lonOtherAuthen is set to yes, and type is Shibboleth
36:
37: If server is configured as a Shibboleth SP, the main Apache
38: configuration file, e.g., /etc/httpd/conf/httpd.conf
39: (for RHEL/CentOS/Scentific Linux/Fedora) should contain:
40:
41: LoadModule mod_shib /usr/lib/shibboleth/mod_shib_22.so
42:
43: or equivalent (depending on Apache version)
44: before the line to include conf/loncapa_apache.conf
45:
46: =head1 INTRODUCTION
47:
48: Redirects a user requiring Single Sign On via Shibboleth to a
49: URL -- /adm/sso -- on the server which is configured to use that service.
50:
51: =head1 HANDLER SUBROUTINE
52:
53: This routine is called by Apache and mod_perl.
54:
55: =over 4
56:
57: If $r->user defined and requested uri not /adm/sso
58: redirect to /adm/sso
59:
60: Otherwise return DECLINED
61:
62: =back
63:
64: =cut
65:
66: package Apache::lonshibauth;
67:
68: use strict;
69: use lib '/home/httpd/lib/perl/';
1.3 raeburn 70: use Apache::lonnet;
1.2 raeburn 71: use Apache::Constants qw(:common REDIRECT);
1.1 raeburn 72: use LONCAPA qw(:DEFAULT);
73:
74: sub handler {
75: my $r = shift;
76: my $target = '/adm/sso';
1.6 raeburn 77: if (&Apache::lonnet::get_saml_landing()) {
78: $target = '/adm/login';
79: }
1.5 raeburn 80: my $uri = $r->uri;
1.6 raeburn 81: if (($r->user eq '') && ($uri ne $target) && ($uri ne '/adm/sso')) {
1.3 raeburn 82: my $lonhost = $Apache::lonnet::perlvar{'lonHostID'};
83: my $hostname = &Apache::lonnet::hostname($lonhost);
84: if (!$hostname) { $hostname = $r->hostname(); }
85: my $protocol = $Apache::lonnet::protocol{$lonhost};
86: unless ($protocol eq 'https') { $protocol = 'http'; }
1.4 raeburn 87: my $alias = &Apache::lonnet::use_proxy_alias($r,$lonhost);
1.7 raeburn 88: if (($alias ne '') &&
89: (&Apache::lonnet::alias_shibboleth($lonhost))) {
90: $hostname = $alias;
91: }
1.3 raeburn 92: my $dest = $protocol.'://'.$hostname.$target;
1.1 raeburn 93: $r->subprocess_env;
94: if ($ENV{'QUERY_STRING'} ne '') {
95: $dest .= '?'.$ENV{'QUERY_STRING'};
96: }
1.8 ! raeburn 97: unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) {
! 98: if ($target eq '/adm/login') {
! 99: unless ($ENV{'QUERY_STRING'} =~ /firsturl=/) {
! 100: $dest.=(($dest=~/\?/)?'&':'?').'firsturl='.$uri;
! 101: }
! 102: } else {
! 103: unless ($ENV{'QUERY_STRING'} =~ /origurl=/)) {
! 104: $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri;
! 105: }
! 106: }
1.5 raeburn 107: }
1.1 raeburn 108: $r->header_out(Location => $dest);
109: return REDIRECT;
110: } else {
111: return DECLINED;
112: }
113: }
114:
115: 1;
116: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonshibauth.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / auth