--- loncom/auth/lonshibauth.pm 2021/06/22 16:56:35 1.5 +++ loncom/auth/lonshibauth.pm 2021/10/26 15:52:54 1.11 @@ -1,7 +1,7 @@ # The LearningOnline Network # Redirect Shibboleth authentication to designated URL (/adm/sso). # -# $Id: lonshibauth.pm,v 1.5 2021/06/22 16:56:35 raeburn Exp $ +# $Id: lonshibauth.pm,v 1.11 2021/10/26 15:52:54 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -68,29 +68,51 @@ package Apache::lonshibauth; use strict; use lib '/home/httpd/lib/perl/'; use Apache::lonnet; +use Apache::loncommon; +use Apache::lonacc; use Apache::Constants qw(:common REDIRECT); -use LONCAPA qw(:DEFAULT); +use LONCAPA qw(:DEFAULT :match); sub handler { my $r = shift; my $target = '/adm/sso'; - my $uri = $r->uri; - if (($r->user eq '') && ($uri ne $target)) { + if (&Apache::lonnet::get_saml_landing()) { + $target = '/adm/login'; + } + if (($r->user eq '') && ($r->uri ne $target) && ($r->uri ne '/adm/sso')) { my $lonhost = $Apache::lonnet::perlvar{'lonHostID'}; my $hostname = &Apache::lonnet::hostname($lonhost); if (!$hostname) { $hostname = $r->hostname(); } my $protocol = $Apache::lonnet::protocol{$lonhost}; unless ($protocol eq 'https') { $protocol = 'http'; } my $alias = &Apache::lonnet::use_proxy_alias($r,$lonhost); - $hostname = $alias if ($alias ne ''); - my $dest = $protocol.'://'.$hostname.$target; - $r->subprocess_env; - if ($ENV{'QUERY_STRING'} ne '') { - $dest .= '?'.$ENV{'QUERY_STRING'}; + if (($alias ne '') && + (&Apache::lonnet::alias_shibboleth($lonhost))) { + $hostname = $alias; } - if ($uri ne '/adm/roles/') { - unless ($ENV{'QUERY_STRING'} =~ /origurl=/) { - $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri; + my $dest = $protocol.'://'.$hostname.$target; + if ($target eq '/adm/login') { + my $querystring = &set_token($r,$lonhost); + if ($querystring ne '') { + $dest .= '?'.$querystring; + } + } else { + my $uri = $r->uri; + if ($r->args ne '') { + $dest .= (($dest=~/\?/)?'&':'?').$r->args; + } + unless (($uri eq '/adm/roles') || ($uri eq '/adm/logout')) { + unless ($r->args =~ /origurl=/) { + $dest.=(($dest=~/\?/)?'&':'?').'origurl='.$uri; + } + } + if ($uri =~ m{^/tiny/$match_domain/\w+$}) { + unless (($r->args =~ /ltoken=/) || ($r->args =~ /linkkey=/)) { + &Apache::lonacc::get_posted_cgi($r,['linkkey']); + if ($env{'form.linkkey'} ne '') { + $dest.=(($dest=~/\?/)?'&':'?').'linkkey='.$env{'form.linkkey'}; + } + } } } $r->header_out(Location => $dest); @@ -100,5 +122,53 @@ sub handler { } } +sub set_token { + my ($r,$lonhost) = @_; + my ($firsturl,$querystring,$ssotoken,@names,%token); + @names = ('role','symb','ltoken','linkkey'); + map { $token{$_} = 1; } @names; + unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/logout')) { + $firsturl = $r->uri; + } + if ($r->args ne '') { + &Apache::loncommon::get_unprocessed_cgi($r->args); + } + if ($r->uri =~ m{^/tiny/$match_domain/\w+$}) { + unless (($env{'form.ltoken'}) || ($env{'form.linkkey'})) { + &Apache::lonacc::get_posted_cgi($r,['linkkey']); + } + } + my $extras; + foreach my $name (@names) { + if ($env{'form.'.$name} ne '') { + if ($name eq 'ltoken') { + my %info = &Apache::lonnet::tmpget($env{'form.ltoken'}); + if ($info{'linkprot'}) { + $extras .= '&linkprot='.&escape($info{'linkprot'}); + last; + } + } else { + $extras .= '&'.$name.'='.&escape($env{'form.'.$name}); + } + } + } + if (($firsturl ne '') || ($extras ne '')) { + $extras .= ':sso'; + $ssotoken = &Apache::lonnet::reply('tmpput:'.&escape($firsturl). + $extras,$lonhost); + $querystring = 'sso='.$ssotoken; + } + if ($r->args ne '') { + foreach my $key (sort(keys(%env))) { + if ($key =~ /^form\.(.+)$/) { + my $name = $1; + next if ($token{$name}); + $querystring .= '&'.$name.'='.$env{$key}; + } + } + } + return $querystring; +} + 1; __END__