[BACK]Return to lonshibauth.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth
File:  [LON-CAPA] / loncom / auth / lonshibauth.pm
Revision 1.5: download - view: text, annotated - select for diffs
Tue Jun 22 16:56:35 2021 UTC (2 years, 10 months ago) by raeburn
Branches: MAIN
CVS tags: HEAD
- Go to originally requested URL after single sign on with Shibboleth.

# The LearningOnline Network
# Redirect Shibboleth authentication to designated URL (/adm/sso).
#
# $Id: lonshibauth.pm,v 1.5 2021/06/22 16:56:35 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#

=head1 NAME

Apache::lonshibauth - Redirect Shibboleth authentication

=head1 SYNOPSIS

Invoked when lonOtherAuthen is set to yes, and type is Shibboleth 

If server is configured as a Shibboleth SP, the main Apache 
configuration file, e.g.,  /etc/httpd/conf/httpd.conf
(for RHEL/CentOS/Scentific Linux/Fedora) should contain:

LoadModule mod_shib /usr/lib/shibboleth/mod_shib_22.so

or equivalent (depending on Apache version) 
before the line to include conf/loncapa_apache.conf

=head1 INTRODUCTION

Redirects a user requiring Single Sign On via Shibboleth to a  
URL -- /adm/sso -- on the server which is configured to use that service.

=head1 HANDLER SUBROUTINE

This routine is called by Apache and mod_perl.

=over 4

If $r->user defined and requested uri not /adm/sso
redirect to /adm/sso

Otherwise return DECLINED

=back

=cut

package Apache::lonshibauth;

use strict;
use lib '/home/httpd/lib/perl/';
use Apache::lonnet;
use Apache::Constants qw(:common REDIRECT);
use LONCAPA qw(:DEFAULT);

sub handler {
    my $r = shift;
    my $target = '/adm/sso';
    my $uri = $r->uri;
    if (($r->user eq '') && ($uri ne $target)) {
        my $lonhost = $Apache::lonnet::perlvar{'lonHostID'};
        my $hostname = &Apache::lonnet::hostname($lonhost);
        if (!$hostname) { $hostname = $r->hostname(); }
        my $protocol = $Apache::lonnet::protocol{$lonhost};
        unless ($protocol eq 'https') { $protocol = 'http'; }
        my $alias = &Apache::lonnet::use_proxy_alias($r,$lonhost);
        $hostname = $alias if ($alias ne '');
        my $dest = $protocol.'://'.$hostname.$target;
        $r->subprocess_env;
        if ($ENV{'QUERY_STRING'} ne '') {
            $dest .= '?'.$ENV{'QUERY_STRING'};
        }
        if ($uri ne '/adm/roles/') {
            unless ($ENV{'QUERY_STRING'} =~ /origurl=/) {
                $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri;
            }
        }
        $r->header_out(Location => $dest);
        return REDIRECT;
    } else {
        return DECLINED;
    }
}

1;
__END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>