Menu
▾
▴
Re: [VuFind-Tech] VuFind 2 and Shibboleth
|
From: Václav R. <xro...@gm...> - 2013-06-14 13:24:21
|
Yes, shibboleth login is working. Thanks for the patch. Vasek 2013/6/14 Demian Katz <dem...@vi...>: > Does the attached patch solve the problem for you? > > - Demian > ________________________________________ > From: Václav Rosecký [xro...@gm...] > Sent: Friday, June 14, 2013 8:11 AM > To: Demian Katz > Cc: Osullivan L.; vuf...@li... > Subject: Re: [VuFind-Tech] VuFind 2 and Shibboleth > > Hi all > > The workflow is: > > 1) user click on Institutional Login and in our case goes to this URL: > > https://vufind2.mzk.cz/Shibboleth.sso/Login?target=https%3A%2F%2Fvufind2.mzk.cz%2FMyResearch%2FHome > > 2) user is redirected to Shibboleth URL > > 3) Shibboleth redirects user back to the URL > https://vufind2.mzk.cz/MyResearch/Home, homeAction() in > MyResearchController is called: > - if clausule "$this->params()->fromPost('processLogin')" on line > 54 evaluate to false > - if clausule "!$this->getAuthManager()->isLoggedIn()" on line 64 > evaluate to true, referer is stored (in our case > "https://shibboleth.mzk.cz/*") and user is forwarded to > MyResearch/Login > > So the first if clausule in homeAction() should evaluate to true as Luke wrote. > > Vasek > > 2013/6/14 Demian Katz <dem...@vi...>: >> I'm not sure I understand how this is becoming a problem... Here is the intended workflow: >> >> 1.) Is user logged in? Yes --> 2, No --> 3 >> 2.) Is there a stored URL? Yes --> 4 No --> 5 >> 3.) Store referer URL, then send user to login page; after successful login, continue with step 4 below. >> 4.) Redirect to stored URL >> 5.) Redirect to default post-logged-in page >> >> I don't understand this bug because if everything is working correctly, VuFind should store the URL of the page being accessed, redirect to Shibboleth, then go back to the stored URL when the user returns. I'm not sure how it is storing a Shibboleth URL as the referer, since the user should only be coming back after a successful login. >> >> One possible solution/workaround would be to only store referer URLs that are known to be internal to VuFind (i.e. check that the home URL is a substring of the referer URL before storing it). However, before making that kind of fix, I'd like to understand how this is happening in the first place; maybe there's a more elegant solution available. >> >> What do you think? >> >> thanks, >> Demian >> ________________________________________ >> From: Václav Rosecký [xro...@gm...] >> Sent: Friday, June 14, 2013 3:40 AM >> To: Osullivan L. >> Cc: vuf...@li... >> Subject: Re: [VuFind-Tech] VuFind 2 and Shibboleth >> >> Hi Osullivan >> >> I tried latest VuFind 2.0 from git with Shibboleth and we have the >> same issue. Not exactly infinitite loop (second loop is interrupted on >> shibboleth side due to missing AuthState param in URL, but it is a >> matter of Shibboleth configuration) and the problem seems to be in >> MyResearchController. >> >> On line 65 in MyResearchController.php HTTP_REFERER is read and >> stored. In our case it is Shibboleth login URL leading to second loop. >> If I uncomment line 67, the problem is fixed, but the user is always >> returned to MyResearch/Favorites (or >> MyResearch/$config->Site->defaultAccountPage) - not the page he came >> from. >> >> Vašek >> >> >> 2013/6/13 Osullivan L. <L.O...@sw...>: >>> Hi Folks, >>> >>> Has anyone got VuFind2 running with Shibboleth? I'm coming up against a >>> problem which I think may be a bug. >>> >>> Basically, I get stuck in an infinite loop between MyResearch/Home and >>> MyResearch/Login - it took me a whole to work this out as rather than >>> throwing the loop error, I was just taken to the http root of the web >>> server. It was only when I put in a trust echo("smeg") that the loop error >>> appeared. >>> >>> Anyway, from what I can tell, >>> $this->getAuthManager()->login($this->getRequest() only ever gets called in >>> the MyResearch/Home action and the Ajax Action. The code is: >>> >>> // Process login request, if necessary: >>> if ($this->params()->fromPost('processLogin')) { >>> try { >>> $this->getAuthManager()->login($this->getRequest()); >>> } catch (AuthException $e) { >>> $this->flashMessenger()->setNamespace('error') >>> ->addMessage($e->getMessage()); >>> } >>> } >>> >>> As a Shibboleth login will never have a "processLogin" POST value set, the >>> authentication block is always ignored. Can anyone else verify this? >>> >>> Thanks, >>> >>> Luke >>> >>> >>> -- >>> Luke O'Sullivan >>> Systems Developer >>> Web Team >>> Swansea University, Singleton Park, Swansea SA2 8PP, UK >>> l.o...@sw... >>> 01792 602772 >>> @l_os_cymru >>> >>> >>> ------------------------------------------------------------------------------ >>> This SF.net email is sponsored by Windows: >>> >>> Build for Windows Store. >>> >>> http://p.sf.net/sfu/windows-dev2dev >>> _______________________________________________ >>> Vufind-tech mailing list >>> Vuf...@li... >>> https://lists.sourceforge.net/lists/listinfo/vufind-tech >>> >> >> ------------------------------------------------------------------------------ >> This SF.net email is sponsored by Windows: >> >> Build for Windows Store. >> >> http://p.sf.net/sfu/windows-dev2dev >> _______________________________________________ >> Vufind-tech mailing list >> Vuf...@li... >> https://lists.sourceforge.net/lists/listinfo/vufind-tech |