New feature in Portal: Cross-Domain-Authentication (Lemonldap::NG::Portal::CDA).
parent
670f44c91b
commit
9a8d380ad7
|
@ -2,6 +2,7 @@ Changes
|
||||||
example/index.pl
|
example/index.pl
|
||||||
lib/Lemonldap/NG/Portal.pm
|
lib/Lemonldap/NG/Portal.pm
|
||||||
lib/Lemonldap/NG/Portal/AuthSSL.pm
|
lib/Lemonldap/NG/Portal/AuthSSL.pm
|
||||||
|
lib/Lemonldap/NG/Portal/CDA.pm
|
||||||
lib/Lemonldap/NG/Portal/SharedConf.pm
|
lib/Lemonldap/NG/Portal/SharedConf.pm
|
||||||
lib/Lemonldap/NG/Portal/SharedConf/DBI.pm
|
lib/Lemonldap/NG/Portal/SharedConf/DBI.pm
|
||||||
lib/Lemonldap/NG/Portal/Simple.pm
|
lib/Lemonldap/NG/Portal/Simple.pm
|
||||||
|
@ -10,6 +11,7 @@ MANIFEST
|
||||||
META.yml Module meta-data (added by MakeMaker)
|
META.yml Module meta-data (added by MakeMaker)
|
||||||
README
|
README
|
||||||
t/Lemonldap-NG-Portal-AuthSSL.t
|
t/Lemonldap-NG-Portal-AuthSSL.t
|
||||||
|
t/Lemonldap-NG-Portal-CDA.t
|
||||||
t/Lemonldap-NG-Portal-SharedConf-DBI.t
|
t/Lemonldap-NG-Portal-SharedConf-DBI.t
|
||||||
t/Lemonldap-NG-Portal-SharedConf.t
|
t/Lemonldap-NG-Portal-SharedConf.t
|
||||||
t/Lemonldap-NG-Portal-Simple.t
|
t/Lemonldap-NG-Portal-Simple.t
|
||||||
|
|
|
@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;
|
||||||
|
|
||||||
print STDERR
|
print STDERR
|
||||||
"See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
|
"See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
|
||||||
our $VERSION = "0.61";
|
our $VERSION = "0.62";
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
||||||
|
@ -280,7 +280,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
=head1 COPYRIGHT AND LICENSE
|
=head1 COPYRIGHT AND LICENSE
|
||||||
|
|
||||||
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
This library is free software; you can redistribute it and/or modify
|
This library is free software; you can redistribute it and/or modify
|
||||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||||
|
|
|
@ -42,7 +42,8 @@ compatible portals with SSL authentication.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
With Lemonldap::NG::Portal::SharedConf::DBI, set authentication field to "SSL".
|
With Lemonldap::NG::Portal::SharedConf, set authentication field to "SSL" in
|
||||||
|
configuration database.
|
||||||
|
|
||||||
With Lemonldap::NG::Portal::Simple:
|
With Lemonldap::NG::Portal::Simple:
|
||||||
|
|
||||||
|
@ -104,7 +105,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
=head1 COPYRIGHT AND LICENSE
|
=head1 COPYRIGHT AND LICENSE
|
||||||
|
|
||||||
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
This library is free software; you can redistribute it and/or modify
|
This library is free software; you can redistribute it and/or modify
|
||||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||||
|
|
113
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDA.pm
Normal file
113
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDA.pm
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
package Lemonldap::NG::Portal::CDA;
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use Lemonldap::NG::Portal::SharedConf qw(:all);
|
||||||
|
|
||||||
|
our $VERSION = '0.01';
|
||||||
|
our @ISA = ('Lemonldap::NG::Portal::SharedConf');
|
||||||
|
|
||||||
|
*EXPORT_OK = *Lemonldap::NG::Portal::SharedConf::EXPORT_OK;
|
||||||
|
*EXPORT_TAGS = *Lemonldap::NG::Portal::SharedConf::EXPORT_TAGS;
|
||||||
|
*EXPORT = *Lemonldap::NG::Portal::SharedConf::EXPORT;
|
||||||
|
|
||||||
|
##################
|
||||||
|
# OVERLOADED SUB #
|
||||||
|
##################
|
||||||
|
|
||||||
|
# 2. Existing sessions are validated so users coming from an other domain
|
||||||
|
# are not re-prompted
|
||||||
|
sub existingSession {
|
||||||
|
my ($self, $id, $datas) = @_;
|
||||||
|
PE_DONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
# 16. If the user was redirected to the portal, we will now redirect him
|
||||||
|
# to the requested URL. If it does not come from our domain, we add
|
||||||
|
# ID in URL
|
||||||
|
sub autoRedirect {
|
||||||
|
my $self = shift;
|
||||||
|
my $tmp = $self->{domain};
|
||||||
|
$self->{urldc} .= ";".$self->{cookieName}."=".$self->{id} if($self->{urldc} !~ /$tmp$/oi);
|
||||||
|
return $self->SUPER::autoredirect(@_);
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
|
||||||
|
__END__
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
Lemonldap::NG::Portal::CDA - Perl extension for building Lemonldap::NG
|
||||||
|
compatible portals with Cross Domain Authentication.
|
||||||
|
|
||||||
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
|
use Lemonldap::NG::Portal::SharedConf;
|
||||||
|
my $portal = new Lemonldap::NG::Portal::SharedConf( {
|
||||||
|
configStorage => {
|
||||||
|
type => 'DBI',
|
||||||
|
dbiChain => "dbi:mysql:...",
|
||||||
|
dbiUser => "lemonldap",
|
||||||
|
dbiPassword => "password",
|
||||||
|
dbiTable => "lmConfig",
|
||||||
|
},
|
||||||
|
} );
|
||||||
|
|
||||||
|
if($portal->process()) {
|
||||||
|
# Write here the menu with CGI methods. This page is displayed ONLY IF
|
||||||
|
# the user was not redirected here.
|
||||||
|
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
|
||||||
|
print "...";
|
||||||
|
|
||||||
|
# or redirect the user to the menu
|
||||||
|
print $portal->redirect( -uri => 'https://portal/menu');
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
# Write here the html form used to authenticate with CGI methods.
|
||||||
|
# $portal->error returns the error message if athentification failed
|
||||||
|
# Warning: by defaut, input names are "user" and "password"
|
||||||
|
print $portal->header; # DON'T FORGET THIS (see L<CGI(3)>)
|
||||||
|
print "...";
|
||||||
|
print '<form method="POST">';
|
||||||
|
# In your form, the following value is required for redirection
|
||||||
|
print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
|
||||||
|
# Next, login and password
|
||||||
|
print 'Login : <input name="user"><br>';
|
||||||
|
print 'Password : <input name="password" type="password" autocomplete="off">';
|
||||||
|
print '<input type="submit" value="go" />';
|
||||||
|
print '</form>';
|
||||||
|
}
|
||||||
|
|
||||||
|
Modify your httpd.conf:
|
||||||
|
|
||||||
|
<Location /My/File>
|
||||||
|
SSLVerifyClient require
|
||||||
|
SSLOptions +ExportCertData +CompatEnvVars +StdEnvVars
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
This library just overload few methods of L<>Lemonldap::NG::Portal::SharedConf>
|
||||||
|
to add Cross Domain Authentication. Handlers that are not used in the same
|
||||||
|
domain than the portal must inherit from L<>Lemonldap::NG::Handler::CDA>.
|
||||||
|
|
||||||
|
See L<Lemonldap::NG::Portal::SharedConf> for usage and other methods.
|
||||||
|
|
||||||
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
L<Lemonldap::NG::SharedConf>, L<Lemonldap::NG::Handler>,
|
||||||
|
L<Lemonldap::NG::Handler::CDA>
|
||||||
|
|
||||||
|
=head1 AUTHOR
|
||||||
|
|
||||||
|
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
|
=head1 COPYRIGHT AND LICENSE
|
||||||
|
|
||||||
|
Copyright (C) 2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
|
This library is free software; you can redistribute it and/or modify
|
||||||
|
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||||
|
at your option, any later version of Perl 5 you may have available.
|
||||||
|
|
||||||
|
=cut
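Review bot: In `autoRedirect` the session id is appended to `urldc` whenever the whole URL fails to end with `$self->{domain}`, and the domain is interpolated into the pattern unquoted and with `/o`, so its dots match any character and the first compiled value is kept for the life of the process. Because the match runs against the full URL rather than its host, a same-domain target with a path gets the id appended too; whether foreign targets are limited to trusted hosts depends on checks outside this hunk, and the id otherwise ends up in logs, browser history and Referer headers. I would compare only the host part against `quotemeta $self->{domain}` anchored with `\z`, drop `/o`, and ideally append only for hosts the configuration names as protected (no such list is visible here). The call `SUPER::autoredirect` has a lower-case r while the override is `autoRedirect`; unless the parent really defines the lower-case name, this dies at run time. In the POD, the SYNOPSIS constructs `Lemonldap::NG::Portal::SharedConf` rather than `::CDA`, and the two `L<>...>` links in DESCRIPTION are malformed.

```perl
sub autoRedirect {
    my $self = shift;
    # Assumes urldc is an absolute http(s) URL; confirm against the parent class.
    my ($host) = $self->{urldc} =~ m{\A https?:// (?:[^/?#@]*@)? ([^/:?#]+) }xi;
    my $domain = quotemeta $self->{domain};
    # Append the id only when the target host lies outside the portal's domain.
    # TODO(review): also require $host to be a configured protected host.
    if ( defined $host and $host !~ /$domain\z/i ) {
        $self->{urldc} .= ";" . $self->{cookieName} . "=" . $self->{id};
    }
    return $self->SUPER::autoRedirect(@_);
}
```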
|
||||||
|
|
|
@ -231,7 +231,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
=head1 COPYRIGHT AND LICENSE
|
=head1 COPYRIGHT AND LICENSE
|
||||||
|
|
||||||
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
This library is free software; you can redistribute it and/or modify
|
This library is free software; you can redistribute it and/or modify
|
||||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||||
|
|
|
@ -89,7 +89,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
=head1 COPYRIGHT AND LICENSE
|
=head1 COPYRIGHT AND LICENSE
|
||||||
|
|
||||||
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
Copyright (C) 2005-2006 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
This library is free software; you can redistribute it and/or modify
|
This library is free software; you can redistribute it and/or modify
|
||||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||||
|
|
|
@ -11,7 +11,7 @@ use MIME::Base64;
|
||||||
use CGI;
|
use CGI;
|
||||||
use CGI::Cookie;
|
use CGI::Cookie;
|
||||||
|
|
||||||
our $VERSION = '0.61';
|
our $VERSION = '0.62';
|
||||||
|
|
||||||
our @ISA = qw(CGI Exporter);
|
our @ISA = qw(CGI Exporter);
|
||||||
|
|
||||||
|
@ -32,11 +32,11 @@ sub PE_BADCERTIFICATE { 10 }
|
||||||
# EXPORTER PARAMETERS
|
# EXPORTER PARAMETERS
|
||||||
our %EXPORT_TAGS = (
|
our %EXPORT_TAGS = (
|
||||||
'all' => [
|
'all' => [
|
||||||
qw( PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
qw( PE_DONE PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
||||||
PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE import )
|
PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE import )
|
||||||
],
|
],
|
||||||
'constants' => [
|
'constants' => [
|
||||||
qw( PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
qw( PE_DONE PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
||||||
PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE )
|
PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE )
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
@ -44,7 +44,7 @@ our %EXPORT_TAGS = (
|
||||||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||||
|
|
||||||
our @EXPORT =
|
our @EXPORT =
|
||||||
qw( PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
qw( PE_DONE PE_OK PE_SESSIONEXPIRED PE_FORMEMPTY PE_WRONGMANAGERACCOUNT PE_USERNOTFOUND PE_BADCREDENTIALS
|
||||||
PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE import );
|
PE_LDAPCONNECTFAILED PE_LDAPERROR PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE import );
|
||||||
|
|
||||||
# CONSTRUCTOR
|
# CONSTRUCTOR
|
||||||
|
@ -193,8 +193,8 @@ sub controlUrlOrigin {
|
||||||
}
|
}
|
||||||
|
|
||||||
# 2. Control existing sessions
|
# 2. Control existing sessions
|
||||||
# TODO: what to do with existing sessions ?
|
# what to do with existing sessions ?
|
||||||
# - delete and create a new session
|
# - delete and create a new session (default)
|
||||||
# - re-authentication (actual scheme)
|
# - re-authentication (actual scheme)
|
||||||
# - nothing: user is authenticated and process
|
# - nothing: user is authenticated and process
|
||||||
# returns true
|
# returns true
|
||||||
|
@ -700,7 +700,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
=head1 COPYRIGHT AND LICENSE
|
=head1 COPYRIGHT AND LICENSE
|
||||||
|
|
||||||
Copyright (C) 2005, 2006, 2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
|
||||||
|
|
||||||
This library is free software; you can redistribute it and/or modify
|
This library is free software; you can redistribute it and/or modify
|
||||||
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
||||||
|
|
15
modules/lemonldap-ng-portal/t/Lemonldap-NG-Portal-CDA.t
Normal file
15
modules/lemonldap-ng-portal/t/Lemonldap-NG-Portal-CDA.t
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# Before `make install' is performed this script should be runnable with
|
||||||
|
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Portal.t'
|
||||||
|
|
||||||
|
#########################
|
||||||
|
|
||||||
|
# change 'tests => 1' to 'tests => last_test_to_print';
|
||||||
|
|
||||||
|
use Test::More tests => 1;
|
||||||
|
BEGIN { use_ok('Lemonldap::NG::Portal::CDA') };
|
||||||
|
|
||||||
|
#########################
|
||||||
|
|
||||||
|
# Insert your test code below, the Test::More module is use()ed here so read
|
||||||
|
# its man page ( perldoc Test::More ) for help writing this test script.
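Review bot: This test only checks that the module loads, so the domain comparison in `autoRedirect` and the unconditional `PE_DONE` returned by `existingSession` are never exercised. Since those two subs decide when a session id is written into a redirect URL, a few cases on a hand-built object would be worth adding: a target inside the portal's domain, one outside it, and one whose path or query merely ends with the domain string. The `tests => 1` plan would need raising accordingly. The header comment still names the generic script; it should read `perl Lemonldap-NG-Portal-CDA.t`.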
|
||||||
|
|