EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #07131


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Shibboleth and local login


Hi!

I'm following: https://wiki.eprints.org/w/Webserver_authentication

 I've found this in :

                if( $repository->current_url ne $repository->current_url( path => "cgi", "users/login" ) )
                {
EPrints::Apache::AnApache::send_status_line( $r, 302, "Need to login first" );                         EPrints::Apache::AnApache::header_out( $r, "Location", $login_url );
EPrints::Apache::AnApache::send_http_header( $r );
                        return DONE;
                }

this create a loop in authentication because it doesn'nt check for /shibboleth/login! perl_lib/EPrints/Apache/Auth.pm

My question is also how I can insert a link to a local authentication because if I follow a link to /cgi/users/login, I get redirected to shibboleth auth. Is it because of the lines above?

To avoid the loop, in auth.pl I've changed this:

   my $url = URI->new( $session->get_repository->get_conf( "base_url" ) . "/shibboleth/login" ); <- base_url is http, no shibboleth, so the server keep redirecting over and over

 to:

    my $url = "https://<mysite>/shibboleth/login";

So, I think the guide is incomplete or there's something not clear to me...

Il 14/12/2017 09:11, Yuri ha scritto:
Ok, so I've just to add a link to /shibboleth/login in /cgi/users/login for people which want to login using shibboleth, isn't it?

For redirects it is not a problem, but I think /cgi/users/login already save the loginparams so send you to the wanted page.


Il 13/12/2017 11:25, David R Newman ha scritto:
Hi Yuri,

The actual login page is http://HOSTNAME/cgi/users/login you could
include this link for people who want to login using local login.
  However, must the links that require you to login will still always
redirect to shibboleth, so you will have to instruct you local uses
that they must click on the local login to ensure they are logged in
before trying to use any of the logged in user functionality,

You might want to do something clever with the login link to ensure the
user gets returned to the same page they were on before they realised
they need to login.  I am not sure how to do this off the top of my
head.

Regards

David Newman

On Wed, 2017-12-13 at 10:53 +0100, Yuri wrote:
Hi!

   reading and implementing this guide:

https://wiki.eprints.org/w/Shibboleth

   every login is handled by Shibboleth. Is there a way to let the
user
choose betsween local and Shibboleth login?


*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-
tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/
*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/