--- loncom/auth/lonshibauth.pm 2012/03/05 20:51:29 1.1 +++ loncom/auth/lonshibauth.pm 2021/11/03 01:04:02 1.12 @@ -1,7 +1,7 @@ # The LearningOnline Network # Redirect Shibboleth authentication to designated URL (/adm/sso). # -# $Id: lonshibauth.pm,v 1.1 2012/03/05 20:51:29 raeburn Exp $ +# $Id: lonshibauth.pm,v 1.12 2021/11/03 01:04:02 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -67,17 +67,52 @@ package Apache::lonshibauth; use strict; use lib '/home/httpd/lib/perl/'; -use Apache::Constants qw(:common); -use LONCAPA qw(:DEFAULT); +use Apache::lonnet; +use Apache::loncommon; +use Apache::lonacc; +use Apache::Constants qw(:common REDIRECT); +use LONCAPA qw(:DEFAULT :match); sub handler { my $r = shift; my $target = '/adm/sso'; - if (($r->user eq '') && ($r->uri() ne $target)) { - my $dest = &Apache::lonnet::absolute_url($r->hostname()).$target; - $r->subprocess_env; - if ($ENV{'QUERY_STRING'} ne '') { - $dest .= '?'.$ENV{'QUERY_STRING'}; + if (&Apache::lonnet::get_saml_landing()) { + $target = '/adm/login'; + } + if (($r->user eq '') && ($r->uri ne $target) && ($r->uri ne '/adm/sso')) { + my $lonhost = $Apache::lonnet::perlvar{'lonHostID'}; + my $hostname = &Apache::lonnet::hostname($lonhost); + if (!$hostname) { $hostname = $r->hostname(); } + my $protocol = $Apache::lonnet::protocol{$lonhost}; + unless ($protocol eq 'https') { $protocol = 'http'; } + my $alias = &Apache::lonnet::use_proxy_alias($r,$lonhost); + if (($alias ne '') && + (&Apache::lonnet::alias_shibboleth($lonhost))) { + $hostname = $alias; + } + my $dest = $protocol.'://'.$hostname.$target; + if ($target eq '/adm/login') { + my $querystring = &set_token($r,$lonhost); + if ($querystring ne '') { + $dest .= '?'.$querystring; + } + } else { + my $uri = $r->uri; + if ($uri =~ m{^/tiny/$match_domain/\w+$}) { + my $querystring = &set_token($r,$lonhost); + if ($querystring ne '') { + $dest .= '?'.$querystring; + } + } else { + if ($r->args ne '') { + $dest .= (($dest=~/\?/)?'&':'?').$r->args; + } + unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) { + unless ($r->args =~ /origurl=/) { + $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri; + } + } + } } $r->header_out(Location => $dest); return REDIRECT; @@ -86,5 +121,64 @@ sub handler { } } +sub set_token { + my ($r,$lonhost) = @_; + my ($firsturl,$querystring,$ssotoken,@names,%token); + @names = ('role','symb','ltoken','linkkey'); + map { $token{$_} = 1; } @names; + unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/logout')) { + $firsturl = $r->uri; + } + if ($r->args ne '') { + &Apache::loncommon::get_unprocessed_cgi($r->args); + } + if ($r->uri =~ m{^/tiny/$match_domain/\w+$}) { + if ($env{'form.ttoken'}) { + my %info = &Apache::lonnet::tmpget($env{'form.ttoken'}); + &Apache::lonnet::tmpdel($env{'form.ttoken'}); + if ($info{'ltoken'}) { + $env{'form.ltoken'} = $info{'ltoken'}; + } elsif ($info{'linkkey'} ne '') { + $env{'form.linkkey'} = $info{'linkkey'}; + } + } else { + unless (($env{'form.ltoken'}) || ($env{'form.linkkey'})) { + &Apache::lonacc::get_posted_cgi($r,['linkkey']); + } + } + } + my $extras; + foreach my $name (@names) { + if ($env{'form.'.$name} ne '') { + if ($name eq 'ltoken') { + my %info = &Apache::lonnet::tmpget($env{'form.ltoken'}); + &Apache::lonnet::tmpdel($env{'form.ltoken'}); + if ($info{'linkprot'}) { + $extras .= '&linkprot='.&escape($info{'linkprot'}); + last; + } + } else { + $extras .= '&'.$name.'='.&escape($env{'form.'.$name}); + } + } + } + if (($firsturl ne '') || ($extras ne '')) { + $extras .= ':sso'; + $ssotoken = &Apache::lonnet::reply('tmpput:'.&escape($firsturl). + $extras,$lonhost); + $querystring = 'sso='.$ssotoken; + } + if ($r->args ne '') { + foreach my $key (sort(keys(%env))) { + if ($key =~ /^form\.(.+)$/) { + my $name = $1; + next if (($token{$name}) || ($name eq 'ttoken')); + $querystring .= '&'.$name.'='.$env{$key}; + } + } + } + return $querystring; +} + 1; __END__