[EP-tech] Re: EPrints webserver authentication, skipping authentication?

Jose Martin J.Martin at ulcc.ac.uk
Tue Jan 22 18:53:28 GMT 2013


Hi Paolo,

That was my first thought, but we have the following Apache config inside <VirtualHost *:443>:

  <IfModule mod_shib>
    <Location ~  "/cgi-bin/printenv">
        AuthType shibboleth
        ShibRequireSession On
        require valid-user
    </Location>
  </IfModule>

and Shibboleth works fine when accessing /cgi-bin/printenv via https: it will ask both browsers for authentication.

I make the shibboleth/login script write a line to the log, and when the session is borrowed, nothing appears in the log. The login script is the Shibboleth-protected resource: if it is skipped somehow, it makes sense that Shibboleth integration is not working correctly.

The problem seems to be EPrints acknowledging valid sessions as long as the login ticket exists in the DB.

Best,

	Jose


-----Original Message-----
From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of Paolo Tealdi
Sent: 22 January 2013 15:40
To: eprints-tech at ecs.soton.ac.uk
Subject: [EP-tech] Re: EPrints webserver authentication, skipping authentication?


On 01/22/2013 04:14 PM, Jose Martin wrote:

Hi Josè,

i'm using that plugin (with some small changes that i should get from our  local svn server ) with Shibboleth authentication and i don't see this "feature".
After logged in through Shibboleth  with Firefox from my machine, if i open Chrome the login button redirect me to shibboleth again.
Could be a problem  with YOUR Shibboleth authentication ?
This feature happens also accessing other shibboleth SP ?

Best regards,
Paolo Tealdi


> Hi,
>
> Has anyone implemented EPrints webserver authentication as in http://files.eprints.org/738/?
>
> I have integrated a 3.3.10 repository with an external Shibboleth 
> authentication system, but it seems that once a session is successfully started, you can launch another browser and upon clicking "Login", it will "steal" the other browser's session and display the "Manage deposits | Profile..." options.
>
> Apparently, it reuses the login ticket from the former, valid session.
>
> Has anyone noticed this behaviour as well?
>
> Cheers,
>
>                  Jose
>
> ----
>
> Jose Martin
>
> Digital Repositories Specialist
>
> Research Technologies Group
>
> University of London Computer Centre
>
> Senate House  |  Malet Street  |  London  |  WC1E 7HU
>
> t: +44 (0)20 7863 1342
>
> e: J.Martin at ulcc.ac.uk
>
> w: http://www.ulcc.ac.uk/
>
> b: http://dablog.ulcc.ac.uk/
>
> The University of London is an exempt charity in England and Wales and 
> a charity registered in Scotland (reg. no. SC041194)
>
> ----
>
>
>
> *** Options: 
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/
>


-- 
Ing. Paolo Tealdi         Area IT - Politecnico Torino
Telefono/Phone : +39-011-0906714 , FAX : +39-011-0906799 Indirizzo/Address : C.so Duca degli Abruzzi,  24 - 10129 Torino - ITALY Skype : tealdi.paolo Please consider your environmental responsibility before printing this e-mail
*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/



More information about the Eprints-tech mailing list