CVS log for loncom/auth/lonshibauth.pm

Up to [LON-CAPA] / loncom / auth

Request diff between arbitrary revisions

Keyword substitution: kv
Default branch: MAIN

- Bugs 6754 and 6907
  - Return of grades to launcher CMS supported for resources or folders
    accessed via LTI-mediated deep link.
  - Support option: "Encrypt stored consumer secrets defined in domain"
  - Signing of LTI payloads for roster retrieval, passback of grades,
    and callback to logput launcher CMS session all now occur on
    primary library server for course's domain.

- Support access to specific LON-CAPA message after login in cases where a
  LON-CAPA loadbalancer node is used as the portal for a domain.

- Bug 6907
  "Exit Tool" button available to logout a session launched via deep link
  and escape iframe and redirect (for LTI-protected link).

- Bug 6907
  For LTI-protected deep links in which username is included in launch payload
  compare username in payload with username for any existing LON-CAPA session
  in current web browser and expire old session, if different user.

- For 2.11
  Remove code which supports deep-linking features not included in 2.11

- &alias_shibboleth() routine in lonnet.pm renamed alias_sso().

- Dual SSO and non-SSO login from /adm/login for use with additional SSO
  mechanisms besides Shibboleth.
  - Default is to use /adm/sso for "authentication" URL.
  - Different authentication URL can be set with lonOtherAuthenUrl perlvar.
  - Update documentation for lonshibauth.pm and lonshibacc.pm
  - Wording change for WAF/Proxy domain configuration
  - If Apache config contains lonSSOEmailOK set to 1, default removal
    of @ "internet domain" from username for SSO authenticated users in
    lonshibacc.pm is skipped.
  - &alias_shibboleth() routine in lonnet.pm renamed alias_sso().

- Bug 6907
  - Use of token to store linkprot or linkkey compatible with use of
    btoken and iptoken (for load balancing and IP change respectively).
  - Launching access from a deeplink, with its own ltoken and/or linkkey,
    for a user session originally launched from a different deeplink will
    update required session information.

- Use token to store role, symb, linkprot, and/or linkkey when dual log-in
  page to support SSO (Shibboleth) and non-SSO is in use, and for "log in
  again" retry link for failed login, instead of using query string directly.
- When digest is used by tmpput handler in lond to generate an id, only use
  id which does not already exist in LON-CAPA's tmp directory.

- Get query string from $r->args instead of populating %ENV.

- Fix typo in rev. 1.8

- When /adm/login is used as landing page for user toggle between SSO or
  non-SSO, URL of original destination named firsturl in query string.

- Bug 6914
  Domain configuration for WAF/Proxy includes Y/N option for use of alias in
  redirection to /adm/sso for server(s) supporting Shibboleth Single Sign On.

- For SAML authentication (Shibboleth) config for each of domain's nodes
  to set /adm/log-in as landing page for user toggle between SSO or non-SSO.

- Go to originally requested URL after single sign on with Shibboleth.

- Bug 6914.
  Replace hostname with alias when creating absolute URLs, if alias in use.

- Too early in request for $ENV{'SERVER_PORT'} to be set, so determine if
  this server needs https or http from configuration in hosts.tab

- Add REDIRECT to defined Constants to eliminate error with Apache 1.X
  (SLES 9).

- Support for Single Sign On with Shibboleth 2.