SSO using shibboleth and apache for twiki issues - twiki

I am following https://twiki.org/cgi-bin/view/TWiki/HowToEnableSingleSignOn to enable SSO for my twiki installation.
I am currently not able to make out where and how to define the mapping config for REMOTE_USER as per step 6 given in the blog mentioned above.
I have edited below config files as part of this exercise -
/httpd/conf/httpd.conf
/twiki/twiki.conf
/etc/shibboleth/shibboleth2.xml
twiki/lib/LocalSite.cfg
twiki/bin/.htaccess.txt
I am able to create/register users and log in to my twiki installation, and now I want to enable SSO using Shibboleth.
Please help me with above query if anyone has done a similar exercise.

Related

use environment variable or http header with mod_authnz_ldap

I have an apache that already uses Shibboleth SP for authentication and am now trying to configure it to use mod_authnz_ldap for authorization. I'm not positive this would work, but what I'd like to do is get the user's ID (which Shibboleth sets as an env variable and header) and provide it to an ldap-filter, something like
Require ldap-filter &(uid=${ENV_UID})(department=marketing)
I.e., the current user would only be authorized if he/she is in marketing.
Unfortunately the IDP can't expose this data (otherwise I would just use Shibboleth to do authorization). Does anyone have experience with using environment variables or header values in mod_authnz_ldap? Or any apache mods for that matter? Is it possible?
Thanks for your time.
According to the Apache documentation for mod_authnz_ldap, the use of expressions in LDAP require directives is available as of version 2.4.8.
Make sure you're running the latest Apache; if you are, try increasing the logging levels and double-check some settings.
Edit: I tested the new functionality on 2.4.18, and there appears to be a regression in the new feature. I opened a bug report accordingly.

Allowing Drupal login using WHM, cPanel or WHMCS login details?

Currently, I have decided to use Drupal as the primary login area where users can do stuff. Problem is, I want to automatically allow for the logging in of users using their cpanel, whm or whmcs login details. Anyone?
I really don't suggest you do this.
You will only introduce more risks to all your systems, even if Drupal is a very secure system.
There are sometimes authentication security issues with cPanel, drupal and whmcs. Now, imagine those security issues + the ones of drupal, + the ones on whmcs...
...with all these insecurity layers combined, it's a real security bomb you are going to create, and not something that will help your customers that much. ...plus your modules for this will probably also experience security issues someday.
I suggest taking a look at other web hosts: if they don't do this, and if even whmcs does not bridge with vbulletin on their own website, there is a reason for this! ;-)
There seems to be no module for this.
Also Drupal seems not to provide a direct way to connect 3rd party login systems.
Having a look at the LDAP integration (file ldapauth.module) in the package, you can use the hook hook_form_alter. They check whether the form is using user_login_authenticate_validate in the validate entry and replace it with their own authentication function.
Basically you can use the ldapauth.module file as a basis and start with the ldapauth_login_authenticate_validate function.
In this function you have to add code that uses $form_values['name']; and $form_values['pass'] and verify them against your cPanel database.
A completely different approach would be to write a cPanel module to create Drupal users and update the accounts. To get started you can have a look at writing cPanel modules.

Joomla Authentication

Okay I'm a little confused on how to do this due to the fact that I'm new to Joomla.
I have a site where users need to be logged in to view certain articles. I want restricted articles to basically pick up whether or not the user is logged in; if so, proceed as normal, else display a login/registration form.
I looked at the plugins section and found a "Joomla-Authentication" plugin. Now, how do I use that in an article in the same fashion I use other plugins in an article? I.e. {plugin_name}params{/plugin_name}
NO... You do not need plugin for this AT ALL.
In Joomla you have "Access Type" for modules/articles/pretty much everything.
Public - Visitors
Registered - logged in users
Special - back-end users
In the Back-End go to Modules and create a new Log-In module. In the access type select "Public".
When you create articles select "Registered Access"; this way only signed-in users will see the article.
This will help you. Log in to the admin Back-End (Administrator Screen), go to Help->Joomla Help. In the Alphabetical Index find the following topics:
Module Manager (it explains access types)
Module - New
Article Manager (it explains access types)
Article Manager - New/Edit
I found a solution that works for me. I downloaded and installed JUMI. Jumi is a Joomla extension that allows you to include files such as php and then executes the code in those files. Through PHP I check user access and do redirects accordingly.
JUMI can be downloaded here

How to decouple trac from, or align trac with, apache authorization

I've had a trac server running for about a year now - chugging along just as expected. Today, I implemented basic authorization on the apache server that trac runs under.
Trac now picks up the user as authenticated by Apache, and doesn't allow either logout or a login.
I tried to create an apache user with the same name and password as a trac user, but the behavior remained - I can't access trac.
How do I align trac with Apache authorization?
One of the drawbacks of HttpAuth is the inability to log out (short of closing your browser, or clearing browser auth). You probably want to grab AccountManagerPlugin from trac-hacks.org and set it up with the form-based login. That gives you the ability to log out.
You will need to point trac to the htpasswd file for Apache users and then set permissions to access the login page through Apache. You can find more information here.

How to check restricted access pages for broken links?

I was googling for tools for checking broken links in a remote web page. The w3c validator seemed a good one. But I am still unsure as to how to check pages which are restricted, i.e. the pages which I can only access by logging in to the site. Can we do that using the w3c validator? If not, then is there any other tool for the same?
For basic authentication the online validator will proxy it and prompt you to log on; alternatively, see this post.
Sometimes you can specify the login details in the URL: username:password@url.to.the.site. This I believe will only work if you are using a .htaccess file for logins.