[Xerte-dev] Re: Using Two Authentication Methods

Smith, John J.J.Smith at gcu.ac.uk
Thu May 16 16:33:56 BST 2013


Thanks Ron,

DB is broken just now I think... but I think I know the fix, just about to commit...

Regards,

John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: Thursday, May 16, 2013 4:28 PM
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Using Two Authentication Methods

yeah but just to clarify the static.php I attached goes in the root it's not the same as the one John has pointed to. You could name mine something different to avoid confusion.

So all you'd be doing is providing those with static login a different initial url and their account credentials are in library/Xerte/Authentication/static.php

You could probably use db instead but you might have to manually switch to db authentication in auth_config.php to be able to create those accounts via management.php first before switching back to ldap. So it's a judgement call whether static will suffice (no disruption) or 10mins lack of access while you create the db accounts.

HTH
Ron

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Smith, John
Sent: 16 May 2013 16:02
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Using Two Authentication Methods

In library/Xerte/Authentication/static.php or something like that...


Regards,

John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Thursday, May 16, 2013 3:57 PM
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Using Two Authentication Methods

So basically I'm setting up two front doors: one for the LDAP horde, and one for the select few, via different pages. That's OK I think.

Where do I put the username / password? (sorry, I'm not familiar with the static stuff).


From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 16 May 2013 15:47
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Using Two Authentication Methods

works for me...

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 16 May 2013 15:16
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Using Two Authentication Methods

Thinking out loud but this should work...

create a new very basic php page which the static login people should go to e.g. static.php
this would be unique to your install and therefore not broken by upgrades

set a session variable in there e.g. set static to true and then redirect to index.php

edit auth_config.php and check for that session and switch to static authentication if that session is set

So the only page you would have to protect from upgrades is auth_config.php which to be honest if you're upgrading regularly you need to do anyway.

This is theory but I think should work.

HTH
Ron

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 16 May 2013 14:28
To: For Xerte technical developers (xerte-dev at lists.nottingham.ac.uk<mailto:xerte-dev at lists.nottingham.ac.uk>)
Subject: [Xerte-dev] Using Two Authentication Methods

Hi,

I need a bit of help from someone who knows the authentication stuff better than me:

We have some cases where, in the past, we've kept a few usernames / passwords in the auth code, and have checked against those before checking against LDAP. There are some collective efforts here where content is passed to a central admin account - one that has static authentication. Lots of people create content in their own accounts, and then pass it to the admin account when it is finished, and that sets up a lot of content for feeds, etc. Downstream, a website reads the folder feeds and displays the content.

When we upgraded, we lost this capability. Now that user can't login.

So I need to be able to either hardcode a username / password in somewhere (I know, I don't like it either) or have two auth methods, static, and then LDAP (or the other way around) if the first one fails, and I need a solution that won't break in the future when we upgrade again, because this is a real pain.

What's the best solution?

Thanks,

Julian




Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education's Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html




Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education's Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130516/c253112f/attachment.html>


More information about the Xerte-dev mailing list