New feature in Portal: Cross-Domain-Authentication (Lemonldap::NG::Portal::CDA).
parent
670f44c91b
commit
9a8d380ad7
|
@ -2,6 +2,7 @@ Changes
|
|||
example/index.pl
|
||||
lib/Lemonldap/NG/Portal.pm
|
||||
lib/Lemonldap/NG/Portal/AuthSSL.pm
|
||||
lib/Lemonldap/NG/Portal/CDA.pm
|
||||
lib/Lemonldap/NG/Portal/SharedConf.pm
|
||||
lib/Lemonldap/NG/Portal/SharedConf/DBI.pm
|
||||
lib/Lemonldap/NG/Portal/Simple.pm
|
||||
|
@ -10,6 +11,7 @@ MANIFEST
|
|||
META.yml Module meta-data (added by MakeMaker)
|
||||
README
|
||||
t/Lemonldap-NG-Portal-AuthSSL.t
|
||||
t/Lemonldap-NG-Portal-CDA.t
|
||||
t/Lemonldap-NG-Portal-SharedConf-DBI.t
|
||||
t/Lemonldap-NG-Portal-SharedConf.t
|
||||
t/Lemonldap-NG-Portal-Simple.t
|
||||
|
|
|
@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;
|
|||
|
||||
print STDERR
|
||||
"See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
|
||||
our $VERSION = "0.61";
|
||||
our $VERSION = "0.62";
|
||||
|
||||
1;
|
||||
|
||||
|
@ -280,7 +280,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||
|
|
|
@ -42,7 +42,8 @@ compatible portals with SSL authentication.
|
|||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
With Lemonldap::NG::Portal::SharedConf::DBI, set authentication field to "SSL".
|
||||
With Lemonldap::NG::Portal::SharedConf, set authentication field to "SSL" in
|
||||
configuration database.
|
||||
|
||||
With Lemonldap::NG::Portal::Simple:
|
||||
|
||||
|
@ -104,7 +105,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||
|
|
|
@ -0,0 +1,113 @@
|
|||
package Lemonldap::NG::Portal::CDA;
|
||||
|
||||
use strict;
|
||||
use Lemonldap::NG::Portal::SharedConf qw(:all);
|
||||
|
||||
our $VERSION = '0.01';
|
||||
our @ISA = ('Lemonldap::NG::Portal::SharedConf');
|
||||
|
||||
*EXPORT_OK = *Lemonldap::NG::Portal::SharedConf::EXPORT_OK;
|
||||
*EXPORT_TAGS = *Lemonldap::NG::Portal::SharedConf::EXPORT_TAGS;
|
||||
*EXPORT = *Lemonldap::NG::Portal::SharedConf::EXPORT;
|
||||
|
||||
##################
|
||||
# OVERLOADED SUB #
|
||||
##################
|
||||
|
||||
# 2. Existing sessions are validated so users coming from an other domain
|
||||
# are not re-prompted
|
||||
sub existingSession {
|
||||
my ($self, $id, $datas) = @_;
|
||||
PE_DONE;
|
||||
}
|
||||
|
||||
# 16. If the user was redirected to the portal, we will now redirect him
|
||||
# to the requested URL. If it does not come from our domain, we add
|
||||
# ID in URL
|
||||
sub autoRedirect {
|
||||
my $self = shift;
|
||||
my $tmp = $self->{domain};
|
||||
$self->{urldc} .= ";".$self->{cookieName}."=".$self->{id} if($self->{urldc} !~ /$tmp$/oi);
|
||||
return $self->SUPER::autoredirect(@_);
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
|
||||
=head1 NAME
|
||||
|
||||
Lemonldap::NG::Portal::CDA - Perl extension for building Lemonldap::NG
|
||||
compatible portals with Cross Domain Authentication.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
use Lemonldap::NG::Portal::SharedConf;
|
||||
my $portal = new Lemonldap::NG::Portal::SharedConf( {
|
||||
configStorage => {
|
||||
type => 'DBI',
|
||||
dbiChain => "dbi:mysql:...",
|
||||
dbiUser => "lemonldap",
|
||||
dbiPassword => "password",
|
||||
dbiTable => "lmConfig",
|
||||
},
|
||||
} );
|
||||
|
||||
if($portal->process()) {
|
||||
# Write here the menu with CGI methods. This page is displayed ONLY IF
|
||||
# the user was not redirected here.
|
||||
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
|
||||
print "...";
|
||||
|
||||
# or redirect the user to the menu
|
||||
print $portal->redirect( -uri => 'https://portal/menu');
|
||||
}
|
||||
else {
|
||||
# Write here the html form used to authenticate with CGI methods.
|
||||
# $portal->error returns the error message if athentification failed
|
||||
# Warning: by defaut, input names are "user" and "password"
|
||||
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
|
||||
print "...";
|
||||
print '<form method="POST">';
|
||||
# In your form, the following value is required for redirection
|
||||
print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
|
||||
# Next, login and password
|
||||
print 'Login : <input name="user"><br>';
|
||||
print 'Password : <input name="password" type="password" autocomplete="off">';
|
||||
print '<input type="submit" value="go" />';
|
||||
print '</form>';
|
||||
}
|
||||
|
||||
Modify your httpd.conf:
|
||||
|
||||
<Location /My/File>
|
||||
SSLVerifyClient require
|
||||
SSLOptions +ExportCertData +CompatEnvVars +StdEnvVars
|
||||
</Location>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This library just overload few methods of L<>Lemonldap::NG::Portal::SharedConf>
|
||||
to add Cross Domain Authentication. Handlers that are not used in the same
|
||||
domain than the portal must inherit from L<>Lemonldap::NG::Handler::CDA>.
|
||||
|
||||
See L<Lemonldap::NG::Portal::SharedConf> for usage and other methods.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<Lemonldap::NG::SharedConf>, L<Lemonldap::NG::Handler>,
|
||||
L<Lemonldap::NG::Handler::CDA>
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||
at your option, any later version of Perl 5 you may have available.
|
||||
|
||||
=cut
|
||||
|
|
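Review bot: In autoRedirect the session id is appended to `urldc` whenever the whole URL string fails `/$tmp$/oi`, and that test does not do what the comment describes: it is anchored to the end of the full URL rather than the host, so a same-domain URL with a path still gets the id, while `$self->{domain}` is interpolated unescaped (its dots match any character) and `/o` freezes the first domain seen in a persistent interpreter. The id then travels in the URL, where it reaches server logs, browser history and Referer headers, so it should only be added for hosts the portal has already accepted; whether `urldc` was checked earlier is not visible in this hunk. The parent call is spelled `SUPER::autoredirect` while the override is `autoRedirect`; unless the parent really defines the lowercase name, this dies at runtime with a method-lookup error. existingSession returns PE_DONE without looking at `$id` or `$datas`, so confirm the caller has validated the session before this step. A host-based comparison is sketched below.

```perl
sub autoRedirect {
    my $self = shift;

    # Compare the host part of the target URL, not the whole string,
    # and treat the configured domain as literal text.
    my ($host) = $self->{urldc} =~ m{\Ahttps?://([^/:?#;]+)}i;
    if ( defined $host and $host !~ /\Q$self->{domain}\E\z/i ) {
        $self->{urldc} .= ";" . $self->{cookieName} . "=" . $self->{id};
    }
    return $self->SUPER::autoRedirect(@_);
}
```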
@ -231,7 +231,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||
|
|
|
@ -89,7 +89,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
Copyright (C) 2005-2006 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||
|
|
|
@ -11,7 +11,7 @@ use MIME::Base64;
|
|||
use CGI;
|
||||
use CGI::Cookie;
|
||||
|
||||
our $VERSION = '0.61';
|
||||
our $VERSION = '0.62';
|
||||
|
||||
our @ISA = qw(CGI Exporter);
|
||||
|
||||
|
@ -32,11 +32,11 @@ sub PE_BADCERTIFICATE { 10 }
|
|||
# EXPORTER PARAMETERS
|
||||
our %EXPORT_TAGS = (
|
||||
'all' => [
|
||||
qw( PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
||||
qw( PE_DONE PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
||||
PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE import )
|
||||
],
|
||||
'constants' => [
|
||||
qw( PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
||||
qw( PE_DONE PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
||||
PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE )
|
||||
],
|
||||
);
|
||||
|
@ -44,7 +44,7 @@ our %EXPORT_TAGS = (
|
|||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
|
||||
our @EXPORT =
|
||||
qw( PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
||||
qw( PE_DONE PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
||||
PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE import );
|
||||
|
||||
# CONSTRUCTOR
|
||||
|
@ -193,8 +193,8 @@ sub controlUrlOrigin {
|
|||
}
|
||||
|
||||
# 2. Control existing sessions
|
||||
# TODO: what to do with existing sessions ?
|
||||
# - delete and create a new session
|
||||
# what to do with existing sessions ?
|
||||
# - delete and create a new session (default)
|
||||
# - re-authentication (actual scheme)
|
||||
# - nothing: user is authenticated and process
|
||||
# returns true
|
||||
|
@ -700,7 +700,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
Copyright (C) 2005, 2006, 2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||
|
||||
This library is free software; you can redistribute it and/or modify
|
||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||
|
|
|
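Review bot: The reworded comment above step 2 (hunk at -193,8) leaves the base-class session policy ambiguous: it marks "delete and create a new session" as "(default)" and "re-authentication" as "(actual scheme)", so a reader cannot tell which one the code applies. Because a subclass can now override this step to skip re-authentication, the comment should name the base behaviour in one line, for example `# Base behaviour: <what existingSession does here>; subclasses may override to accept the session`, filled in from the body, which lies outside the hunk. PE_DONE is newly added to the three export lists, but its definition is not in any visible hunk; confirm a `sub PE_DONE` exists alongside the other PE_* constants.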
@ -0,0 +1,15 @@
|
|||
# Before `make install' is performed this script should be runnable with
|
||||
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Portal.t'
|
||||
|
||||
#########################
|
||||
|
||||
# change 'tests => 1' to 'tests => last_test_to_print';
|
||||
|
||||
use Test::More tests => 1;
|
||||
BEGIN { use_ok('Lemonldap::NG::Portal::CDA') };
|
||||
|
||||
#########################
|
||||
|
||||
# Insert your test code below, the Test::More module is use()ed here so read
|
||||
# its man page ( perldoc Test::More ) for help writing this test script.
|
||||
|
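Review bot: The new test only checks that the module loads (`use_ok`), so neither overridden method is ever called. A call to autoRedirect on a minimal blessed hash with `domain`, `urldc`, `cookieName` and `id` set would exercise the `SUPER::` call and pin the cases in which the session id is appended to the URL. The header comment still names `Lemonldap-NG-Portal.t`; per the MANIFEST entry it should read `perl Lemonldap-NG-Portal-CDA.t`.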