[BACK]Return to lonshibacc.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonshibacc.pm between versions 1.2 and 1.3

version 1.2, 2015/01/23 15:57:27 version 1.3, 2021/12/06 03:31:54
Line 28 Line 28
   
 =head1 NAME  =head1 NAME
   
 Apache::lonshibacc - Authorization handler if Shibboleth-authenticated  Apache::lonshibacc - Initial Authorization handler for
   SSO-authenticated users.
   
 =head1 SYNOPSIS  =head1 SYNOPSIS
   
Line 42  PerlAuthzHandler       Apache::lonshibac Line 43  PerlAuthzHandler       Apache::lonshibac
 Authorization handler used to remove trailing @internet dom  Authorization handler used to remove trailing @internet dom
 from Shibboleth authenticated username (e.g., @mit.edu).  from Shibboleth authenticated username (e.g., @mit.edu).
   
 After making change to $r->user, will return DECLINE so  Authorization handler used to:
 lonacc.pm can be invoked as the next authorization handler.  
   (a) remove trailing @internet dom from Shibboleth 
   authenticated username (e.g., @mit.edu),
   unless lonSSOEmailOK perl var is set to 1, and/or
   
   (b) set URI for authenticated user to /adm/sso, if
   lonOtherAuthenUrl is set.
   
   After making changes to $r->user and/or $r->uri, DECLINED is
   returned so lonacc.pm can be invoked as the next authorization
   handler via:
   
 PerlAuthzHandler       Apache::lonacc  PerlAuthzHandler       Apache::lonacc
   
Line 74  sub handler { Line 85  sub handler {
             my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id);              my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id);
             if ($user =~ /^(\w[a-zA-Z0-9_\-.]+)\@\Q$uint_dom\E$/i) {              if ($user =~ /^(\w[a-zA-Z0-9_\-.]+)\@\Q$uint_dom\E$/i) {
                 my $username = $1;                  my $username = $1;
                 $user = $r->user($username);                  unless ($r->dir_config('lonSSOEmailOK') == 1) {
                       $user = $r->user($username);
                   }
             }              }
         }          }
           if (($r->dir_config('lonOtherAuthenUrl') ne '') &&
               ($r->uri eq $r->dir_config('lonOtherAuthenUrl'))) {
               $r->uri('/adm/sso');
           }
     }      }
     return DECLINED;      return DECLINED;
 }  }
Removed from v.1.2  
changed lines
  Added in v.1.3

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>