--- loncom/auth/lonacc.pm 2006/08/08 17:20:15 1.92
+++ loncom/auth/lonacc.pm 2006/08/30 21:48:51 1.95
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.92 2006/08/08 17:20:15 albertel Exp $
+# $Id: lonacc.pm,v 1.95 2006/08/30 21:48:51 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -137,6 +137,53 @@ sub get_posted_cgi {
 $r->headers_in->unset('Content-length');
 }
+# handle the case of the single sign on user, at this point $r->user
+# will be set and valid now need to find the loncapa user info and possibly
+# balance them
+# returns OK if it was a SSO and user was handled
+# undef if not SSO or no means to hanle the user
+sub sso_login {
+ my ($r,$lonid,$handle) = @_;
+
+ my $lonidsdir=$r->dir_config('lonIDsDir');
+ if (!($r->user
+ && (!defined($env{'user.name'}) && !defined($env{'user.domain'}))
+ && (!$lonid || !-e "$lonidsdir/$handle.id" || $handle eq ''))) {
+ # not an SSO case or already logged in
+ return undef;
+ }
+
+ my $domain = $r->dir_config('lonDefDomain');
+ my $home=&Apache::lonnet::homeserver($r->user,$domain);
+ if ($home !~ /(con_lost|no_host|no_such_host)/) {
+ if ($r->dir_config("lonBalancer") eq 'yes') {
+ # login but immeaditly go to switch server to find us a new
+ # machine
+ &Apache::lonauth::success($r,$r->user,$domain,$home,'noredirect');
+ $r->internal_redirect('/adm/switchserver');
+ } else {
+ # need to login them in, so generate the need data that
+ # migrate expects to do login
+ my %info=('ip' => $r->connection->remote_ip(),
+ 'domain' => $domain,
+ 'username' => $r->user,
+ 'server' => $r->dir_config('lonHostID'),
+ 'sso.login' => 1
+ );
+ my $token =
+ &Apache::lonnet::tmpput(\%info,
+ $r->dir_config('lonHostID'));
+ $env{'form.token'} = $token;
+ $r->internal_redirect('/adm/migrateuser');
+ }
+ return OK;
+ } elsif (defined($r->dir_config('lonSSOUserUnkownRedirect'))) {
+ $r->internal_redirect($r->dir_config('lonSSOUserUnkownRedirect'));
+ return OK;
+ }
+ return undef;
+}
+
 sub handler {
 my $r = shift;
 my $requrl=$r->uri;
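Review bot: In the non-balancer branch of `sso_login`, the return value of `&Apache::lonnet::tmpput` is copied into `$env{'form.token'}` and the request is redirected to `/adm/migrateuser` without any check that a token was actually stored. `homeserver`, a few statements earlier, reports failure through strings such as `con_lost`, so `tmpput` may well do the same, in which case the migrate handler is handed an error string as a token and the function still returns `OK`. A guard before the assignment, for example `return undef if (!defined($token) || $token =~ /^(?:con_lost|error)/);`, would keep that failure from being treated as a login; the exact failure values need confirming against `tmpput`. `$r->user` is also passed to `homeserver` and into `%info` exactly as the authentication module supplied it, so a one-line comment stating the expected username format would help.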
@@ -150,24 +197,12 @@ sub handler { $handle=$lonid->value; $handle=~s/\W//g; } - - my ($sso_login); - if ($r->user - && (!$lonid || !-e "$lonidsdir/$handle.id" || $handle eq '') ) { - $sso_login = 1; - my $domain = $r->dir_config('lonDefDomain'); - my $home=&Apache::lonnet::homeserver($r->user,$domain); - if ($home !~ /(con_lost|no_such_host)/) { - $handle=&Apache::lonauth::success($r,$r->user,$domain, - $home,'noredirect'); - $r->header_out('Set-cookie',"lonID=$handle; path=/"); - } - } - if ($sso_login) { - &Apache::lonnet::appenv('request.sso.login' => 1); + if (my $result = &sso_login($r,$lonid,$handle)) { + return $result } + if ($r->dir_config("lonBalancer") eq 'yes') { $r->set_handlers('PerlResponseHandler'=> [\&Apache::switchserver::handler]); @@ -204,7 +239,8 @@ sub handler { # ---------------------------------------------------------------- Check access my $now = time; - if ($requrl!~/^\/adm|public|prtspool\//) { + if ($requrl !~ m{^/(?:adm|public|prtspool)/} + || $requrl =~ /^\/adm\/.*\/(smppg|bulletinboard)(\?|$ )/x) { my $access=&Apache::lonnet::allowed('bre',$requrl); if ($access eq '1') { $env{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
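Review bot: The new call site `if (my $result = &sso_login($r,$lonid,$handle)) { return $result }` tests the result for truth, but `sso_login` returns `OK` on every handled path, and the Apache `OK` constant is 0, so (assuming that is the constant in scope) the branch is not taken after a successful SSO login. The handler would then carry on into the balancer and cookie checks after `internal_redirect` has already been issued. Testing definedness instead matches the contract stated in the comment above `sso_login` (`undef` means not handled): `my $result = &sso_login($r,$lonid,$handle);` followed by `if (defined($result)) { return $result; }`. The rest of `handler` lies outside the hunk.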
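Review bot: The second alternative added to the access check, `/^\/adm\/.*\/(smppg|bulletinboard)(\?|$ )/x`, has no comment saying why these two `/adm/` endpoints need the `bre` check when the rest of `/adm/` skips it, and the `$ )` spacing under `/x` is easy to break in a later edit (without the space, `$)` interpolates as a variable). `$requrl` is taken from `$r->uri` in an earlier hunk, which normally carries no query string, so the `\?` branch looks unreachable. Assuming the captures are unused, I would write it as `|| $requrl =~ m{^/adm/.*/(?:smppg|bulletinboard)(?:\?|\Z)}) {`, which keeps the same end-of-string behaviour, and add a comment such as `# these /adm/ handlers serve course content, so they still need the bre check` once the author confirms the rationale. The body of this `if` continues past the end of the hunk.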