EPrints Technical Mailing List Archive
Message: #01532
[EP-tech] Re: EPrints webserver authentication, skipping authentication?
- To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
- Subject: [EP-tech] Re: EPrints webserver authentication, skipping authentication?
- From: Jose Martin <J.Martin@ulcc.ac.uk>
- Date: Thu, 7 Feb 2013 11:26:34 +0000
Hi all,

Just in case someone meets this same problem, it was solved (in 3.3.10) by modifying the shibboleth/login script from the EPrints webserver authentication add-on to send the secure EPrints cookie along with the standard one:

    my @b = ();
    srand;
    for (1..16) { push @b, sprintf( "%02X", int rand 256 ); }
    my $securecode = join( "", @b );

    # add ticket to DB
    my $ip = $ENV{REMOTE_ADDR};
    my $userid = $user->get_id;
    # my $sql = "REPLACE INTO loginticket VALUES( '".EPrints::Database::prep_value($code)."', null, $userid, '".EPrints::Database::prep_value($ip)."', ".time.", ".(time+60*60*24*7)." )";
    my $sql = "REPLACE INTO loginticket ( code, userid, ip, expires, securecode, time ) VALUES( '".EPrints::Database::prep_value($code)."', $userid, '".EPrints::Database::prep_value($ip)."', ".(time+60*60*24*7).", '".$securecode."', ".time." )";

    ...

    # make SECURE cookie
    my $securecookie = $session->get_query->cookie(
        -name    => "secure_eprints_session",
        -path    => "/",
        -value   => $securecode,
        -domain  => $session->get_repository->get_conf("cookie_domain"),
        -expires => "+6h",
    );
    # send SECURE cookie in error headers
    $r->err_headers_out->add( 'Set-Cookie' => $securecookie );

Although the IP-based session leak is now prevented by https://github.com/eprints/eprints/commit/a9c66337ec48994a8c481899f1d5a8039a98e8d0

Cheers,
Jose

-----Original Message-----
From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Paolo Tealdi
Sent: 22 January 2013 15:40
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] Re: EPrints webserver authentication, skipping authentication?

On 01/22/2013 04:14 PM, Jose Martin wrote:

Hi Josè,

I'm using that plugin (with some small changes that I should get from our local svn server) with Shibboleth authentication and I don't see this "feature". After logging in through Shibboleth with Firefox from my machine, if I open Chrome the login button redirects me to Shibboleth again.

Could it be a problem with YOUR Shibboleth authentication? Does this feature also happen when accessing other Shibboleth SPs?

Best regards,
Paolo Tealdi

> Hi,
>
> Has anyone implemented EPrints webserver authentication as in http://files.eprints.org/738/?
>
> I have integrated a 3.3.10 repository with an external Shibboleth authentication system, but it seems that once a session is successfully started, you can launch another browser and upon clicking "Login", it will "steal" the other browser's session and display the "Manage deposits | Profile..." options.
>
> Apparently, it reuses the login ticket from the former, valid session.
>
> Has anyone noticed this behaviour as well?
>
> Cheers,
>
> Jose
>
> ----
> Jose Martin
> Digital Repositories Specialist
> Research Technologies Group
> University of London Computer Centre
> Senate House | Malet Street | London | WC1E 7HU
> t: +44 (0)20 7863 1342
> e: J.Martin@ulcc.ac.uk
> w: http://www.ulcc.ac.uk/
> b: http://dablog.ulcc.ac.uk/
>
> The University of London is an exempt charity in England and Wales and a charity registered in Scotland (reg. no. SC041194)
> ----
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/

--
Ing. Paolo Tealdi
Area IT - Politecnico Torino
Telefono/Phone : +39-011-0906714 , FAX : +39-011-0906799
Indirizzo/Address : C.so Duca degli Abruzzi, 24 - 10129 Torino - ITALY
Skype : tealdi.paolo
Please consider your environmental responsibility before printing this e-mail
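An added example, not EPrints code and not from anyone in this thread, modelling the loginticket behaviour the thread describes: a lookup keyed only on the client address hands the live session to any second browser on that address, whereas a lookup that also requires the secure cookie value does not. The column names follow the posted SQL; the store class, method names and sample addresses are assumptions.

```python
import secrets
import time

TICKET_TTL = 60 * 60 * 24 * 7  # one week, the expires offset used in the posted SQL

def _now(now):
    return int(time.time()) if now is None else int(now)

class LoginTicketStore:
    """Stand-in for the loginticket table: code, userid, ip, expires, securecode, time."""

    def __init__(self):
        self.tickets = {}  # code -> row dict

    def create(self, userid, ip, now=None):
        now = _now(now)
        # secrets is a CSPRNG; the posted snippet seeds Perl's rand(), which is not one.
        code = secrets.token_hex(16)        # standard eprints_session cookie value
        securecode = secrets.token_hex(16)  # secure_eprints_session cookie value
        self.tickets[code] = {"userid": userid, "ip": ip, "expires": now + TICKET_TTL,
                              "securecode": securecode, "time": now}
        return code, securecode

    def lookup_by_ip(self, ip, now=None):
        """Leaky lookup: any browser on the same address inherits the live ticket."""
        now = _now(now)
        for row in self.tickets.values():
            if row["ip"] == ip and row["expires"] > now:
                return row["userid"]
        return None

    def lookup_by_cookies(self, code, securecode, ip, now=None):
        """Fixed lookup: both cookie values must match and the ticket must be live."""
        now = _now(now)
        row = self.tickets.get(code)
        if row is None or row["expires"] <= now or row["ip"] != ip:
            return None
        if not secrets.compare_digest(row["securecode"], securecode):
            return None
        return row["userid"]

def demo():
    """Constructed scenario: two browsers behind the same address (192.0.2.10)."""
    store = LoginTicketStore()
    code, securecode = store.create(userid=42, ip="192.0.2.10")
    leaked = store.lookup_by_ip("192.0.2.10")                     # second browser, no cookies
    denied = store.lookup_by_cookies("", "", "192.0.2.10")        # same browser, fixed lookup
    ok = store.lookup_by_cookies(code, securecode, "192.0.2.10")  # first browser, both cookies
    return leaked, denied, ok  # (42, None, 42)
```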