version 1.2, 2015/01/23 15:57:27
|
version 1.3, 2021/12/06 03:31:54
|
Line 28
|
Line 28
|
|
|
=head1 NAME |
=head1 NAME |
|
|
Apache::lonshibacc - Authorization handler if Shibboleth-authenticated |
Apache::lonshibacc - Initial Authorization handler for |
|
SSO-authenticated users. |
|
|
=head1 SYNOPSIS |
=head1 SYNOPSIS |
|
|
Line 42 PerlAuthzHandler Apache::lonshibac
|
Line 43 PerlAuthzHandler Apache::lonshibac
|
Authorization handler used to remove trailing @internet dom |
Authorization handler used to remove trailing @internet dom |
from Shibboleth authenticated username (e.g., @mit.edu). |
from Shibboleth authenticated username (e.g., @mit.edu). |
|
|
After making change to $r->user, will return DECLINE so |
Authorization handler used to: |
lonacc.pm can be invoked as the next authorization handler. |
|
|
(a) remove trailing @internet dom from Shibboleth |
|
authenticated username (e.g., @mit.edu), |
|
unless lonSSOEmailOK perl var is set to 1, and/or |
|
|
|
(b) set URI for authenticated user to /adm/sso, if |
|
lonOtherAuthenUrl is set. |
|
|
|
After making changes to $r->user and/or $r->uri, DECLINED is |
|
returned so lonacc.pm can be invoked as the next authorization |
|
handler via: |
|
|
PerlAuthzHandler Apache::lonacc |
PerlAuthzHandler Apache::lonacc |
|
|
Line 74 sub handler {
|
Line 85 sub handler {
|
my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id); |
my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id); |
if ($user =~ /^(\w[a-zA-Z0-9_\-.]+)\@\Q$uint_dom\E$/i) { |
if ($user =~ /^(\w[a-zA-Z0-9_\-.]+)\@\Q$uint_dom\E$/i) { |
my $username = $1; |
my $username = $1; |
$user = $r->user($username); |
unless ($r->dir_config('lonSSOEmailOK') == 1) { |
|
$user = $r->user($username); |
|
} |
} |
} |
} |
} |
|
if (($r->dir_config('lonOtherAuthenUrl') ne '') && |
|
($r->uri eq $r->dir_config('lonOtherAuthenUrl'))) { |
|
$r->uri('/adm/sso'); |
|
} |
} |
} |
return DECLINED; |
return DECLINED; |
} |
} |