Annotation of loncom/auth/lonshibacc.pm, revision 1.3
1.1 raeburn 1: # The LearningOnline Network
2: # Authorization handler for Shibboleth authenticated users
3: #
1.3 ! raeburn 4: # $Id: lonshibacc.pm,v 1.2 2015/01/23 15:57:27 raeburn Exp $
1.1 raeburn 5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28:
29: =head1 NAME
30:
1.3 ! raeburn 31: Apache::lonshibacc - Initial Authorization handler for
! 32: SSO-authenticated users.
1.1 raeburn 33:
34: =head1 SYNOPSIS
35:
36: Invoked for /adm/sso by
37: /etc/httpd/conf/loncapa_apache.conf:
38:
39: PerlAuthzHandler Apache::lonshibacc
40:
41: =head1 INTRODUCTION
42:
43: Authorization handler used to remove trailing @internet dom
44: from Shibboleth authenticated username (e.g., @mit.edu).
45:
1.3 ! raeburn 46: Authorization handler used to:
! 47:
! 48: (a) remove trailing @internet dom from Shibboleth
! 49: authenticated username (e.g., @mit.edu),
! 50: unless lonSSOEmailOK perl var is set to 1, and/or
! 51:
! 52: (b) set URI for authenticated user to /adm/sso, if
! 53: lonOtherAuthenUrl is set.
! 54:
! 55: After making changes to $r->user and/or $r->uri, DECLINED is
! 56: returned so lonacc.pm can be invoked as the next authorization
! 57: handler via:
1.1 raeburn 58:
59: PerlAuthzHandler Apache::lonacc
60:
61: =head1 HANDLER SUBROUTINE
62:
63: This routine is called by Apache and mod_perl.
64:
65: =cut
66:
67: package Apache::lonshibacc;
68:
69: use strict;
70: use lib '/home/httpd/lib/perl/';
71: use Apache::lonnet;
72: use Apache::Constants qw(:common);
73: use LONCAPA qw(:DEFAULT);
74:
75: sub handler {
76: my $r = shift;
77: my $user = $r->user;
78: if ($user ne '') {
79: my $udom = $r->dir_config('lonSSOUserDomain');
80: if ($udom eq '') {
81: $udom = $r->dir_config('lonDefDomain');
82: }
83: if ($udom ne '') {
84: my $uprimary_id = &Apache::lonnet::domain($udom,'primary');
85: my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id);
1.2 raeburn 86: if ($user =~ /^(\w[a-zA-Z0-9_\-.]+)\@\Q$uint_dom\E$/i) {
1.1 raeburn 87: my $username = $1;
1.3 ! raeburn 88: unless ($r->dir_config('lonSSOEmailOK') == 1) {
! 89: $user = $r->user($username);
! 90: }
1.1 raeburn 91: }
92: }
1.3 ! raeburn 93: if (($r->dir_config('lonOtherAuthenUrl') ne '') &&
! 94: ($r->uri eq $r->dir_config('lonOtherAuthenUrl'))) {
! 95: $r->uri('/adm/sso');
! 96: }
1.1 raeburn 97: }
98: return DECLINED;
99: }
100:
101: 1;
102: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonshibacc.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / auth