EPrints Technical Mailing List Archive
Message: #01535
[EP-tech] Re: EPrints webserver authentication, skipping authentication?
- To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
- Subject: [EP-tech] Re: EPrints webserver authentication, skipping authentication?
- From: Jose Martin <J.Martin@ulcc.ac.uk>
- Date: Thu, 7 Feb 2013 12:25:10 +0000
It was needed in our 3.3.10 using HTTPS. I guess, basically have a look at the cookies that EPrints would generate by using HTTPS with EPrints native authentication system and make the webserver authentication system do the same.

-----Original Message-----
From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Yuri
Sent: 07 February 2013 11:55
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] Re: EPrints webserver authentication, skipping authentication?

On 07/02/2013 12:26, Jose Martin wrote:
> Hi all,
>
> Just in case someone meets this same problem, it was solved (in 3.3.10) by modifying the shibboleth/login script from the EPrints webserver authentication add-on to send the secure EPrints cookie along with the standard one:

Is this needed in eprints 3.3 or in all eprints versions?

>
> my @b = ();
> srand;
> for(1..16) { push @b, sprintf( "%02X",int rand 256 ); }
> my $securecode = join( "", @b );
>
> # add ticket to DB
> my $ip = $ENV{REMOTE_ADDR};
> my $userid = $user->get_id;
> # my $sql = "REPLACE INTO loginticket VALUES( '".EPrints::Database::prep_value($code)."', null, $userid, '".EPrints::Database::prep_value($ip)."', ".time.", ".(time+60*60*24*7)." )";
> my $sql = "REPLACE INTO loginticket ( code, userid, ip, expires, securecode, time) VALUES( '".EPrints::Database::prep_value($code)."', $userid, '".EPrints::Database::prep_value($ip)."', ".(time+60*60*24*7).", '" . $securecode . "', ".time." )";
>
> ...
>
> # make SECURE cookie
> my $securecookie = $session->get_query->cookie(
>     -name => "secure_eprints_session",
>     -path => "/",
>     -value => $securecode,
>     -domain => $session->get_repository->get_conf("cookie_domain"),
>     -expires => "+6h",
> );
>
> # send SECURE cookie in error headers
> $r->err_headers_out->add('Set-Cookie' => $securecookie);
>
>
> Although the IP-based session leak is now prevented by
> https://github.com/eprints/eprints/commit/a9c66337ec48994a8c481899f1d5a8039a98e8d0
>
>
> Cheers,
>
> Jose
>
> -----Original Message-----
> From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Paolo Tealdi
> Sent: 22 January 2013 15:40
> To: eprints-tech@ecs.soton.ac.uk
> Subject: [EP-tech] Re: EPrints webserver authentication, skipping authentication?
>
>
> On 01/22/2013 04:14 PM, Jose Martin wrote:
>
> Hi Josè,
>
> I'm using that plugin (with some small changes that I should get from our local svn server) with Shibboleth authentication and I don't see this "feature".
> After logging in through Shibboleth with Firefox from my machine, if I open Chrome the login button redirects me to Shibboleth again.
> Could it be a problem with YOUR Shibboleth authentication?
> Does this feature also happen when accessing other Shibboleth SPs?
>
> Best regards,
> Paolo Tealdi
>
>
>> Hi,
>>
>> Has anyone implemented EPrints webserver authentication as in http://files.eprints.org/738/?
>>
>> I have integrated a 3.3.10 repository with an external Shibboleth
>> authentication system, but it seems that once a session is successfully started, you can launch another browser and upon clicking "Login", it will "steal" the other browser's session and display the "Manage deposits | Profile..." options.
>>
>> Apparently, it reuses the login ticket from the former, valid session.
>>
>> Has anyone noticed this behaviour as well?
>>
>> Cheers,
>>
>> Jose
>>
>> ----
>>
>> Jose Martin
>> Digital Repositories Specialist
>> Research Technologies Group
>> University of London Computer Centre
>> Senate House | Malet Street | London | WC1E 7HU
>> t: +44 (0)20 7863 1342
>> e: J.Martin@ulcc.ac.uk
>> w: http://www.ulcc.ac.uk/
>> b: http://dablog.ulcc.ac.uk/
>>
>> The University of London is an exempt charity in England and Wales
>> and a charity registered in Scotland (reg. no. SC041194)
>>
>> ----
>>
>> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>> *** Archive: http://www.eprints.org/tech.php/
>> *** EPrints community wiki: http://wiki.eprints.org/
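
A hardened variant of the ticket-and-cookie step quoted in the thread, as an added example that is not part of the original messages or of the EPrints code base: the 16-byte secure code is read from /dev/urandom rather than Perl's `rand` (which is not cryptographically secure), the row is written with DBI placeholders, and the cookie carries the Secure and HttpOnly attributes. It assumes a Unix-like host, a DBI handle for the repository database, the CGI::Cookie module, and the `loginticket` columns named in the thread; the helper names and sample domain are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Cookie;

# Return 16 random bytes from the kernel CSPRNG as 32 upper-case hex digits,
# the same shape as the secure code built in the thread.
sub new_securecode {
    open( my $fh, '<:raw', '/dev/urandom' )
        or die "cannot open /dev/urandom: $!";
    my $got = read( $fh, my $bytes, 16 );
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    return uc unpack( 'H*', $bytes );
}

# Store the ticket using bound parameters instead of string concatenation.
# $dbh is an assumed DBI handle; columns are those listed in the thread.
sub store_ticket {
    my ( $dbh, $code, $userid, $ip, $securecode ) = @_;
    my $now = time;
    return $dbh->do(
        'REPLACE INTO loginticket ( code, userid, ip, expires, securecode, time ) '
          . 'VALUES ( ?, ?, ?, ?, ?, ? )',
        undef,
        $code, $userid, $ip, $now + 60 * 60 * 24 * 7, $securecode, $now,
    );
}

# Build the secure-session cookie so that browsers only return it over HTTPS
# and do not expose it to page scripts.
sub secure_cookie {
    my ( $securecode, $domain ) = @_;
    return CGI::Cookie->new(
        -name     => 'secure_eprints_session',
        -value    => $securecode,
        -path     => '/',
        -domain   => $domain,
        -expires  => '+6h',
        -secure   => 1,
        -httponly => 1,
    );
}

# Constructed demo: the domain is a placeholder; no database is touched here.
my $securecode = new_securecode();
my $cookie     = secure_cookie( $securecode, 'repository.example.org' );
print "Set-Cookie: ", $cookie->as_string, "\n";
```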