Add slave mechanism. Closes #222
parent
846e9c3475
commit
9969dd69e2
@ -1,117 +0,0 @@ |
||||
#!/usr/bin/perl |
||||
|
||||
=pod |
||||
|
||||
=head1 NON AUTHENTICATING PORTAL TO USE WITH OTHER WEB-SSO |
||||
|
||||
If Lemonldap::NG has to operate with another Web-SSO without any interworking |
||||
system, Lemonldap::NG can be used as slave. |
||||
|
||||
Install : |
||||
|
||||
=over |
||||
|
||||
=item * Install and adapt this file in an area protected by the master SSO |
||||
|
||||
=item * Use L<Lemonldap::NG::Handler::CDA> to protect Lemonldap::NG area if |
||||
this area is not in the same DNS domain than the portal |
||||
|
||||
=back |
||||
|
||||
Authentication scheme : |
||||
|
||||
=over |
||||
|
||||
=item * a user that wants to access to a protected url, Lemonldap::NG::Handler |
||||
redirect it to the portal |
||||
|
||||
=item * the portal creates the Lemonldap::NG session with the parameters given |
||||
by the master SSO |
||||
|
||||
=item * the user is redirected to the wanted application. If it is not in the |
||||
same domain, the handler detects the session id with the Lemonldap::NG |
||||
cross-domain-authentication mechanism and generates the cookie |
||||
|
||||
=back |
||||
|
||||
=cut |
||||
|
||||
use Lemonldap::NG::Portal::SharedConf; |
||||
|
||||
my $portal = Lemonldap::NG::Portal::SharedConf->new( |
||||
{ |
||||
cda => 1, |
||||
|
||||
# SUBROUTINES OVERLOAD |
||||
# 2 cases : |
||||
# 1 - If LDAP search is not needed (the master SSO gives all |
||||
# that we need) |
||||
extractFormInfo => sub { PE_OK }, |
||||
connectLDAP => sub { PE_OK }, |
||||
bind => sub { PE_OK }, |
||||
search => sub { PE_OK }, |
||||
setSessionInfo => sub { |
||||
my $self = shift; |
||||
|
||||
# TODO: You have to set $self->{sessionInfo} |
||||
# hash table with user attributes |
||||
# Example: |
||||
# $self->{sessionInfo}->{uid} = $ENV{REMOTE_USER}; |
||||
PE_OK,; |
||||
}, |
||||
unbind => sub { PE_OK }, |
||||
|
||||
# 2 - Else, LDAP will do its job, but we have to set UID or |
||||
# what is needed by C<formateFilter> subroutine. |
||||
extractFormInfo => sub { |
||||
my $self = shift; |
||||
|
||||
# EXAMPLE with $ENV{REMOTE_USER} |
||||
$self->{user} = $ENV{REMOTE_USER}; |
||||
PE_OK; |
||||
}, |
||||
|
||||
# In the 2 cases, authentication phase has to be avoided |
||||
authenticate => sub { PE_OK }, |
||||
|
||||
# If no Lemonldap::NG protected application is in the same domaine than |
||||
# the portal, it is recommended to not set a lemonldap::NG cookie in the |
||||
# other domain : |
||||
# Lemonldap::NG::Handler protect its cookie from remote application |
||||
# (to avoid developers to spoof an identity), but the master SSO |
||||
# will probably keep it. |
||||
buildCookie => sub { |
||||
my $self = shift; |
||||
$self->{cookie} = $self->cookie( |
||||
-name => $self->{cookieName}, |
||||
|
||||
# null value instead of de $self->{id} |
||||
-value => '', |
||||
-domain => $self->{domain}, |
||||
-path => "/", |
||||
-secure => $self->{securedCookie}, |
||||
@_, |
||||
); |
||||
PE_OK; |
||||
}, |
||||
} |
||||
); |
||||
|
||||
# Else, we process as usual, but without prompting users with a form |
||||
|
||||
if ( $portal->process() ) { |
||||
print $portal->header('text/html; charset=utf-8'); |
||||
print $portal->start_html; |
||||
print "<h1>You are well authenticated !</h1>"; |
||||
print $portal->end_html; |
||||
} |
||||
else { |
||||
print $portal->header('text/html; charset=utf-8'); |
||||
print $portal->start_html; |
||||
print qq#<h2>Authentication failed</h2> |
||||
Portal is not able to recognize you |
||||
<br /> |
||||
Contact your administrator (Error: # . $portal->error . ')'; |
||||
print $portal->end_html; |
||||
} |
||||
1; |
@ -0,0 +1,96 @@ |
||||
##@file |
||||
# Slave authentication backend file |
||||
|
||||
##@class |
||||
# Slave authentication backend class |
||||
package Lemonldap::NG::Portal::AuthSlave; |
||||
|
||||
use strict; |
||||
use Lemonldap::NG::Portal::Simple; |
||||
use Lemonldap::NG::Portal::AuthNull; |
||||
|
||||
our $VERSION = '1.0.0'; |
||||
our @ISA = qw(Lemonldap::NG::Portal::AuthNull); |
||||
|
||||
## @apmethod int setAuthSessionInfo() |
||||
# Set _user value to 'anonymous' and authenticationLevel to 0 |
||||
# @return Lemonldap::NG::Portal constant |
||||
sub setAuthSessionInfo { |
||||
my $self = shift; |
||||
|
||||
$self->{sessionInfo}->{'_user'} = 'anonymous'; |
||||
$self->{sessionInfo}->{authenticationLevel} = $self->{slaveAuthnLevel}; |
||||
|
||||
PE_OK; |
||||
} |
||||
|
||||
1; |
||||
__END__ |
||||
|
||||
=head1 NAME |
||||
|
||||
=encoding utf8 |
||||
|
||||
Lemonldap::NG::Portal::AuthSlave - Perl extension for building Lemonldap::NG |
||||
compatible portals with Apache authentication. |
||||
|
||||
=head1 SYNOPSIS |
||||
|
||||
use Lemonldap::NG::Portal::SharedConf; |
||||
my $portal = new Lemonldap::NG::Portal::Simple( |
||||
configStorage => {...}, # See Lemonldap::NG::Portal |
||||
authentication => 'Slave', |
||||
); |
||||
|
||||
if($portal->process()) { |
||||
# Write here the menu with CGI methods. This page is displayed ONLY IF |
||||
# the user was not redirected here. |
||||
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3)) |
||||
print "..."; |
||||
|
||||
# or redirect the user to the menu |
||||
print $portal->redirect( -uri => 'https://portal/menu'); |
||||
} |
||||
else { |
||||
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see CGI(3)) |
||||
print "<html><body><h1>Unable to work</h1>"; |
||||
print "This server isn't well configured. Contact your administrator."; |
||||
print "</body></html>"; |
||||
} |
||||
|
||||
=head1 DESCRIPTION |
||||
|
||||
This library just overload few methods of Lemonldap::NG::Portal::Simple to |
||||
create sessions for anonymous users. |
||||
|
||||
See L<Lemonldap::NG::Portal::Simple> for usage and other methods. |
||||
|
||||
=head1 SEE ALSO |
||||
|
||||
L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Portal::Simple>, |
||||
L<http://lemonldap-ng.org/> |
||||
|
||||
=head1 AUTHOR |
||||
|
||||
Clement Oudot, E<lt>clement@oodo.netE<gt> |
||||
|
||||
=head1 BUG REPORT |
||||
|
||||
Use OW2 system to report bug or ask for features: |
||||
L<http://jira.ow2.org> |
||||
|
||||
=head1 DOWNLOAD |
||||
|
||||
Lemonldap::NG is available at |
||||
L<http://forge.objectweb.org/project/showfiles.php?group_id=274> |
||||
|
||||
=head1 COPYRIGHT AND LICENSE |
||||
|
||||
Copyright (C) 2010 by Clement Oudot |
||||
|
||||
This library is free software; you can redistribute it and/or modify |
||||
it under the same terms as Perl itself, either Perl version 5.10.0 or, |
||||
at your option, any later version of Perl 5 you may have available. |
||||
|
||||
=cut |
||||
|
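Review bot: The doc comment above `setAuthSessionInfo` says authenticationLevel is set to 0, but the body assigns `$self->{slaveAuthnLevel}`; the comment should read something like `# Set _user to 'anonymous' and authenticationLevel to the configured slaveAuthnLevel`. `_user` is also fixed to 'anonymous' although this backend stands for a user the master SSO has already identified, and the POD phrases "with Apache authentication" and "sessions for anonymous users" look carried over from another module. The class inherits from AuthNull (not visible here) and presumably performs no credential check of its own, so every request that reaches the portal receives that level. A default such as `$self->{slaveAuthnLevel} // 0` would avoid storing an undefined level when the parameter is unset. The file enables `use strict` but not `use warnings`.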
@ -0,0 +1,30 @@ |
||||
## @file |
||||
# Slave userDB mechanism |
||||
|
||||
## @class |
||||
# Slave userDB mechanism class |
||||
package Lemonldap::NG::Portal::UserDBSlave; |
||||
|
||||
use strict; |
||||
use Lemonldap::NG::Portal::Simple; |
||||
use Lemonldap::NG::Portal::UserDBNull; |
||||
|
||||
our $VERSION = '1.0.0'; |
||||
our @ISA = qw(Lemonldap::NG::Portal::UserDBNull); |
||||
|
||||
## @apmethod int setSessionInfo() |
||||
# Search exportedVars values in HTTP headers. |
||||
# @return Lemonldap::NG::Portal constant |
||||
sub setSessionInfo { |
||||
my $self = shift; |
||||
my $c = 0; |
||||
while ( my ( $k, $v ) = each %{ $self->{exportedVars} } ) { |
||||
$v = 'HTTP_' . uc($v); |
||||
$v =~ s/\-/_/g; |
||||
$self->{sessionInfo}->{$k} = $ENV{$v} and $c++; |
||||
} |
||||
return ( $c ? PE_OK : PE_USERNOTFOUND ); |
||||
} |
||||
|
||||
1; |
||||
|
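Review bot: `setSessionInfo` copies `$ENV{HTTP_*}` values straight into `sessionInfo`, and those variables are built from request headers, so the attributes are only trustworthy if the master SSO strips or overwrites the same headers on every inbound request and the portal cannot be reached except through it. Nothing in this sub checks where the request came from; I would add a guard before the loop (for example comparing `$ENV{REMOTE_ADDR}` with a configured list of master addresses, parameter name to be chosen) and state the deployment requirement in the file header comment. The sub also returns PE_OK when any single header is non-empty, so a session can be created without the attribute that identifies the user, and keys whose header is absent are stored as undef. Consider `next unless defined $ENV{$v} and length $ENV{$v};` ahead of the assignment, and require the identifying attribute explicitly before returning PE_OK.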