[EP-tech] Shibboleth and local login

Yuri yurj at alfa.it
Wed Feb 7 09:03:05 GMT 2018 

Hi!

I'm following: https://wiki.eprints.org/w/Webserver_authentication

  I've found this in :

                 if( $repository->current_url ne 
$repository->current_url( path => "cgi", "users/login" ) )
                 {
EPrints::Apache::AnApache::send_status_line( $r, 302, "Need to login 
first" );
                         EPrints::Apache::AnApache::header_out( $r, 
"Location", $login_url );
EPrints::Apache::AnApache::send_http_header( $r );
                         return DONE;
                 }

this create a loop in authentication because it doesn'nt check for 
/shibboleth/login! perl_lib/EPrints/Apache/Auth.pm

My question is also how I can insert a link to a local authentication 
because if I follow a link to /cgi/users/login, I get redirected to 
shibboleth auth. Is it because of the lines above?

To avoid the loop, in auth.pl I've changed this:

    my $url = URI->new( $session->get_repository->get_conf( "base_url" ) 
. "/shibboleth/login" ); <- base_url is http, no shibboleth, so the 
server keep redirecting over and over

  to:

     my $url = "https://<mysite>/shibboleth/login";

So, I think the guide is incomplete or there's something not clear to me...

Il 14/12/2017 09:11, Yuri ha scritto:
> Ok, so I've just to add a link to /shibboleth/login in 
> /cgi/users/login for people which want to login using shibboleth, 
> isn't it?
>
> For redirects it is not a problem, but I think /cgi/users/login 
> already save the loginparams so send you to the wanted page.
>
>
> Il 13/12/2017 11:25, David R Newman ha scritto:
>> Hi Yuri,
>>
>> The actual login page is http://HOSTNAME/cgi/users/login you could
>> include this link for people who want to login using local login.
>>   However, must the links that require you to login will still always
>> redirect to shibboleth, so you will have to instruct you local uses
>> that they must click on the local login to ensure they are logged in
>> before trying to use any of the logged in user functionality,
>>
>> You might want to do something clever with the login link to ensure the
>> user gets returned to the same page they were on before they realised
>> they need to login.  I am not sure how to do this off the top of my
>> head.
>>
>> Regards
>>
>> David Newman
>>
>> On Wed, 2017-12-13 at 10:53 +0100, Yuri wrote:
>>> Hi!
>>>
>>>    reading and implementing this guide:
>>>
>>> https://wiki.eprints.org/w/Shibboleth
>>>
>>>    every login is handled by Shibboleth. Is there a way to let the
>>> user
>>> choose betsween local and Shibboleth login?
>>>
>>>
>>> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-
>>> tech
>>> *** Archive: http://www.eprints.org/tech.php/
>>> *** EPrints community wiki: http://wiki.eprints.org/
>>> *** EPrints developers Forum: http://forum.eprints.org/
>> *** Options: 
>> http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>> *** Archive: http://www.eprints.org/tech.php/
>> *** EPrints community wiki: http://wiki.eprints.org/
>> *** EPrints developers Forum: http://forum.eprints.org/
>

More information about the Eprints-tech mailing list