[Xerte] Re: Shibbolising XOT
Smith, John
J.J.Smith at gcu.ac.uk
Tue Jul 23 09:49:06 BST 2013
Hmmm 'accusers' === 'all users'
Damn predictive text....
Regards
John Smith
Learning Technologist
School of Health and Life Sciences
Sent from Samsung Galaxy SII
"Smith, John" <J.J.Smith at gcu.ac.uk> wrote:
All shib.php (and the 3 functions I listed) does is return an array of firstname, surname and username and true if valid... You can just return that and do no auth whatsoever and accusers will have same details... I believe guest works similar to this...
So what you need to do is print_r the shib session details once logged in (just to find out what is passed) and transfer those details to the array...
However if you change the cookie then shib may log you out so that may not work with the kind of overall Shib auth you have on all server traffic...
You'll just need to try and see what happens...
Regards
John Smith
Learning Technologist
School of Health and Life Sciences
Sent from Samsung Galaxy SII
Bruce Jackson <bj1 at soas.ac.uk> wrote:
Hi again,
I've got a Shibboleth SP set up on the server to 'protect' the whole website.
That's working OK, in that if a user goes to the site they get redirected to the IdP, get identified, and then control is passed back to the xerte server along with certain user credentials.
At that point I want to be able to use those credentials to log the user in.
I've had a go at what John suggested - creating a new 'Shib.php' script in the .../Library/Xerte/Authentication folder and changing auth_config.php to point at it. However that just puts me at the standard xerte login screen on return from the IdP authentication. It doesn't throw any errors and logs me in correctly if I fill in the details again, so I guess I've not made any errors in the Shib.php script. It's just not really doing what I'm after.
Is there a way of achieving what I want?
Cheers,
Bruce
On 22 July 2013 15:33, Pat @ Pgogy <xerte at pgogywebstuff.com> wrote:
Integration.txt is more of a single sign on botch job
What John describes makes more sense
I would grab a php shibboleth library and then use a cut up ldap php to call out to the library
Pat
On 22 Jul 2013, at 11:01, "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:
> Hi,
>
> I think for now you could duplicate the ldap auth file and rewrite:
>
> check()
> _valid_login()
> _validate_to_host()
>
> You'll need to hardwire some of the values as LDAP auth is hooked into the XOT database (we're working on changing the way this is done so that you should be able to store your Shib config values in XOT db more easily soon!ish)...
>
> As long as you return true and populate
>
> $this->_record = array('firstname' => xxxx, 'surname' => xxxx, 'username' => xxxx);
>
> then I believe that this should work... config.php will take care of the rest, including session_start()
>
> Regards,
>
> John Smith | Learning Technologist
> Room A251, Govan Mbeki Building | School of Health & Life Sciences | Glasgow Caledonian University
> Cowcaddens Road | Glasgow | G4 0BA
> ________________________________________
> From: xerte-bounces at lists.nottingham.ac.uk [xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Bruce Jackson [bj1 at soas.ac.uk]
> Sent: 22 July 2013 10:45
> To: Xerte discussion list
> Subject: [Xerte] Re: Shibbolising XOT
>
> Hi John,
>
> That was the route I was initially attempting, but ended confused as to what I should or shouldn't have included in my 'Shib.php' script.
> Could I hack the 'Ldap.php' script for example, just leaving in the public functions getUsername, getFirstname and getSurname to return the values passed forward from the Shibboleth IdP?
>
> Cheers,
>
> Bruce
>
>
>
> On 22 July 2013 10:20, Smith, John <J.J.Smith at gcu.ac.uk> wrote:
> I'd advise NOT altering the core files (you will then run into upgrade probs in the future for one) but looking in \library\Xerte\Authentication and creating a new Shibboleth authentication class that is abstracted out and should then be able to just slot in...
>
> Then it should only be a case of adding a new authentication method to auth_config
>
> Regards,
>
> John Smith | Learning Technologist
> Room A251, Govan Mbeki Building | School of Health & Life Sciences | Glasgow Caledonian University
> Cowcaddens Road | Glasgow | G4 0BA
> ________________________________________
> From: xerte-bounces at lists.nottingham.ac.uk [xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Bruce Jackson [bj1 at soas.ac.uk]
> Sent: 22 July 2013 10:04
> To: xerte at lists.nottingham.ac.uk
> Subject: [Xerte] Shibbolising XOT
>
> Hello,
>
> We're trying to get Shibboleth working as a method of authentication here.
>
> From a thread on this forum back in November 2010 (http://lists.nottingham.ac.uk/pipermail/xerte/2010-November/007360.html), and from reading the comments in the integration.txt file, it appears it should be a fairly simple case of editing integration.txt to set the three variables ($_SESSION['toolkits_firstname'], $_SESSION['toolkits_surname'] and $_SESSION['toolkits_logon_username']) to values obtained from the Shibboleth IdP, adding a call "session_start()" at the beginning of the script, and then renaming integration.txt to be index.php.
>
> When I do that and try to log in, the page I get back appears to have a chunk of html missing at the start - see below.
> Should I be copying parts of the standard index.php script into the integration.txt version?
>
> Returned html:
>
> +++
>
>
> <script type="text/javascript"> // JAVASCRIPT library for fixed variables
> // management of javascript is set up here
> // SITE SETTINGS
> var site_url = "http://lamp1.lis.soas.ac.uk/xerte/";
> var site_apache = "false";
> var properties_ajax_php_path = "website_code/php/properties/";
> var management_ajax_php_path = "website_code/php/management/";
> var ajax_php_path = "website_code/php/";
> <div class="folder" id="folder_workspace" ondblclick="folder_open_close(this)" onclick="highlight_main_toggle(this)"><p><img style="vertical-align:middle" src="http://lamp1.lis.soas.ac.uk/xerte//website_code/images/folder_workspace.gif" />Workspace</p></div><div id="folderchild_workspace" class="workspace"><div id="file_5" class="file" preview_size="800,665" editor_size="800,665" style="padding-left:20px" onmousedown="single_click(this);file_folder_click_pause(event)" onmouseup="file_drag_stop(event,this)"><img src="http://lamp1.lis.soas.ac.uk/xerte//website_code/images/Icon_Page.gif" style="vertical-align:middle" />BJProj</div><div id="file_6" class="file" preview_size="800,665" editor_size="800,665" style="padding-left:20px" onmousedown="single_click(this);file_folder_click_pause(event)" onmouseup="file_drag_stop(event,this)"><img src="http://lamp1.lis.soas.ac.uk/xerte//website_code/images/Icon_Page.gif" style="vertical-align:middle" />BJProj</div></div><div class="folder" id="recyclebin" ondblclick="folder_open_close(this)" onclick="highlight_main_toggle(this)"><p><img id="folder_recyclebin" style="vertical-align:middle" src="http://lamp1.lis.soas.ac.uk/xerte//website_code/images/rb_empty.gif" />Recycle Bin</p></div><div id="folderchild_recyclebin" class="folder_content"></div><div class="template" onmouseover="this.style.backgroundColor='#ebedf3'" onmouseout="this.style.backgroundColor='#fff'"><div class="template_icon"></div><div class="template_desc"><p class="template_name">Bootstrap Template</p><p class="template_desc_p">A responsive template for delivering content to all devices.<br><button type="button" class="xerte_button" onclick="javascript:template_toggle('site')">Create</button></div><div id="site" class="rename"><span>Enter a name for this project</span><form action="javascript:create_tutorial('site')" method="post" enctype="text/plain"><input type="text" width="200" id="filename" name="filename" /><br /><button type="submit" class="xerte_button" 
>Create Project</button></form></div></div><div class="template" onmouseover="this.style.backgroundColor='#ebedf3'" onmouseout="this.style.backgroundColor='#fff'"><div class="template_icon"></div><div class="template_desc"><p class="template_name">Xerte Online Toolkit</p><p class="template_desc_p">A flexible template for creating interactive learning objects.<br><button type="button" class="xerte_button" onclick="javascript:template_toggle('Nottingham')">Create</button></div><div id="Nottingham" class="rename"><span>Enter a name for this project</span><form action="javascript:create_tutorial('Nottingham')" method="post" enctype="text/plain"><input type="text" width="200" id="filename" name="filename" /><br /><button type="submit" class="xerte_button" >Create Project</button></form></div></div><div class="template" onmouseover="this.style.backgroundColor='#ebedf3'" onmouseout="this.style.backgroundColor='#fff'"><div class="template_icon"></div><div class="template_desc"><p class="template_name">RSS Feed</p><p class="template_desc_p">Easily create and maintain an RSS Feed.<br><button type="button" class="xerte_button" onclick="javascript:template_toggle('Rss')">Create</button></div><div id="Rss" class="rename"><span>Enter a name for this project</span><form action="javascript:create_tutorial('Rss')" method="post" enctype="text/plain"><input type="text" width="200" id="filename" name="filename" /><br /><button type="submit" class="xerte_button" >Create Project</button></form></div></div>
> </body>
> </html>
>
>
> +++
>
> Thanks in advance for any help.
>
> Cheers,
>
> Bruce
>
> Glasgow Caledonian University is a registered Scottish charity, number SC021474
>
> Winner: Times Higher Education’s Widening Participation Initiative of the Year 2009 and Herald Society’s Education Initiative of the Year 2009.
> http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html
>
> Winner: Times Higher Education’s Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
> http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html
> _______________________________________________
> Xerte mailing list
> Xerte at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
>
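As an added example (not part of the thread and not Xerte's own code), here is a fail-closed way to build the firstname/surname/username array discussed above from the variables a Shibboleth SP places in the request environment, so that a request without an SP session or with a missing attribute is refused rather than logged in with shared or blank details. The function name `shib_record()` is hypothetical, and the attribute names `givenName` and `sn` are assumptions that depend on the SP's attribute-map.xml.

```php
<?php
// Added example, not Xerte code. shib_record() is a hypothetical helper; the
// attribute names givenName and sn are assumptions set by attribute-map.xml.

/**
 * Build the firstname/surname/username record from variables the Shibboleth
 * SP module placed in the request environment. Returns null (login refused)
 * unless an SP session exists and every field is present and well-formed.
 */
function shib_record(array $server): ?array
{
    // No SP session id means the request did not come through an SP session.
    if (empty($server['Shib-Session-ID'])) {
        return null;
    }
    $map = array(
        'firstname' => 'givenName',
        'surname'   => 'sn',
        'username'  => 'REMOTE_USER',
    );
    $record = array();
    foreach ($map as $field => $attr) {
        $value = isset($server[$attr]) ? trim((string) $server[$attr]) : '';
        // Fail closed: a missing attribute must not become a shared blank account.
        if ($value === '' || strlen($value) > 255 || preg_match('/[\x00-\x1f]/', $value)) {
            return null;
        }
        $record[$field] = $value;
    }
    return $record;
}

// Constructed sample environments (not captured from a real server).
$withSession = array(
    'Shib-Session-ID' => '_constructed-session-id',
    'REMOTE_USER'     => 'jbloggs@example.ac.uk',
    'givenName'       => 'Jo',
    'sn'              => 'Bloggs',
);
$noSession = array('REMOTE_USER' => 'jbloggs@example.ac.uk', 'givenName' => 'Jo', 'sn' => 'Bloggs');
// Only HTTP_* request-header keys are present here, so nothing is read from them.
$headersOnly = array('HTTP_REMOTE_USER' => 'someone', 'HTTP_GIVENNAME' => 'A', 'HTTP_SN' => 'B');

var_dump(shib_record($withSession));
var_dump(shib_record($noSession));
var_dump(shib_record($headersOnly));
```

In an authentication class of the kind described in the thread, the returned array would be assigned to `$this->_record` and the check would return true only when the result is not null.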