AtoM 2.4.1 and Shibboleth and Clean URL's


tmi...@gmail.com

Mar 4, 2019, 5:37:08 PM
to AtoM Users
Hi,

I was wondering if anyone had AtoM 2.4.1 and Shibboleth working with clean URLs (no script name)?

I have the following .htaccess file:
<IfModule mod_rewrite.c>
  RewriteEngine On

  # uncomment the following line, if you are having trouble
  # getting no_script_name to work
  RewriteBase /

  # we skip all files with .something
  #RewriteCond %{REQUEST_URI} \..+$
  #RewriteCond %{REQUEST_URI} !\.html$
  #RewriteRule .* - [L]

  # we check if the .html version is here (caching)
#  RewriteRule ^$ index.html [QSA]
#  RewriteRule ^([^.]+)$ $1.html [QSA]
  RewriteCond %{REQUEST_URI} !\.sso/
#  RewriteCond %{REQUEST_FILENAME} !-f

  # no, so we redirect to our front web controller
  RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
However, when I try to log in to Shibboleth, the Apache variables get rewritten with the prefix REDIRECTED_.

I did notice, though, that if I try to go to /index.php/user/login, it does show the variables without the REDIRECTED_ prefix.

Thanks for any suggestions or ideas.
Tom

tmi...@gmail.com

Mar 5, 2019, 12:45:11 PM
to AtoM Users
Just wanted to follow up.

<Location />
  AuthType shibboleth
  ShibRequestSetting requireSession 0
  require shibboleth
</Location>

<Location /user/login>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  Require valid-user
</Location>

I did not have the first Location directive; adding that with the settings did fix this issue.

Thanks!
Tom

Dan Gillean

Mar 5, 2019, 1:24:50 PM
to ICA-AtoM Users
Hi Tom, 

I'm glad to hear you've figured out what you needed! 

AtoM has support for basic LDAP (described in ticket #9765 though apparently not yet in our formal docs! will have to get on that...), but as far as I know, we've never tested it for use with Shibboleth. Are you trying to use it out of the box, have you made local customizations, or are you using a community-developed integration such as this one?

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory


--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To post to this group, send email to ica-ato...@googlegroups.com.
Visit this group at https://groups.google.com/group/ica-atom-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/64515dc8-b2ff-4d6f-9470-2fd0b8947f50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

tmi...@gmail.com

Mar 5, 2019, 1:41:55 PM
to AtoM Users
Hi Dan,

Unfortunately, LDAP is currently out of the question for our implementation at this time, and we have a big push towards using Shibboleth for SSO as it is.

Sorry, I thought I mentioned I was using the CENDARI Shibboleth plugin. I had to make a couple of changes to that code to get it working, which I plan on turning into a Pull Request on that project. For example, that code is looking for attributes to be named a specific way and we don't name them that way. So I am looking at making it a configuration option, similar to how one can specify the Shibboleth groups in the config.

Tom

Dan Gillean

Mar 5, 2019, 6:02:00 PM
to ICA-AtoM Users
Interesting, thanks! 

If they accept your pull request, please let me know! If so, I can update the entry on our wiki to say that this has been known to work with the public AtoM 2.4 release. 

Cheers, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory

Tom Misilo

Mar 5, 2019, 7:54:58 PM
to ica-ato...@googlegroups.com
Dan, I only had to change what attributes we are using, so I think you are safe to say it has been tested on 2.4.1.

Tom

Dan Gillean

Mar 6, 2019, 10:18:37 AM
to ICA-AtoM Users
Good to know! Thanks, I will add a note to the wiki. 


Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory
