ldap://mams.melcoe.mq.edu.au:636
Index: lams_central/conf/language/lams/ApplicationResources.properties
===================================================================
RCS file: /usr/local/cvsroot/lams_central/conf/language/lams/ApplicationResources.properties,v
diff -u -r1.1.2.3 -r1.1.2.4
--- lams_central/conf/language/lams/ApplicationResources.properties 7 Jun 2007 02:12:33 -0000 1.1.2.3
+++ lams_central/conf/language/lams/ApplicationResources.properties 12 Jul 2007 02:53:10 -0000 1.1.2.4
@@ -180,7 +180,7 @@
flash.min.error =The Flash Player plugin version 7 or higher is required.
flash.download.player =Download Flash Player
audit.user.password.change =Password changed for: {0}
-shibboleth.username.taken = Shibboleth username taken
+shibboleth.login.error = Shibboleth login error has occurred.
title.author.window =LAMS :: Author
#======= End labels: Exported 174 labels for en AU =====
Index: lams_central/conf/language/lams/ApplicationResources_en_AU.properties
===================================================================
RCS file: /usr/local/cvsroot/lams_central/conf/language/lams/ApplicationResources_en_AU.properties,v
diff -u -r1.1.2.3 -r1.1.2.4
--- lams_central/conf/language/lams/ApplicationResources_en_AU.properties 7 Jun 2007 02:12:32 -0000 1.1.2.3
+++ lams_central/conf/language/lams/ApplicationResources_en_AU.properties 12 Jul 2007 02:53:10 -0000 1.1.2.4
@@ -180,7 +180,7 @@
flash.min.error =The Flash Player plugin version 7 or higher is required.
flash.download.player =Download Flash Player
audit.user.password.change =Password changed for: {0}
-shibboleth.username.taken = Shibboleth username taken
+shibboleth.login.error = Shibboleth login error has occurred.
title.author.window =LAMS :: Author
Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java
===================================================================
RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java,v
diff -u -r1.13.2.2 -r1.13.2.3
--- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 7 Jun 2007 05:02:07 -0000 1.13.2.2
+++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 12 Jul 2007 02:53:10 -0000 1.13.2.3
@@ -143,7 +143,7 @@
this.dsJndiName = method.getParameterByName("dsJndiName").getValue();
this.rolesQuery = method.getParameterByName("rolesQuery").getValue();
} catch (Exception e) {
- log.debug("===>Exception : " + e);
+ log.error("===> Error retrieving authentication method parameters : " + e);
return false;
}
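Review bot: `log.error("===> Error retrieving authentication method parameters : " + e);` stringifies the exception and so loses the stack trace, which is the one thing needed to find out which parameter lookup failed. Pass it as the throwable argument instead: `log.error("===> Error retrieving authentication method parameters", e);`. The enclosing method starts and ends outside this hunk.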
@@ -174,11 +174,6 @@
isValid = authenticator.authenticate(username,inputPassword);
log.debug("===> WEBAUTH :: user:" + username + ":"
+ inputPassword + " authenticated! ");
- } else if ("SHIBBOLETH".equals(type)) {
- log.debug("===> SHIBBOLETH :: " + username);
- // Shibboleth handles password authentication, we assume user is
- // already authenticated at this point
- isValid = true;
} else {
log.debug("Unexpected authentication type!");
return false;
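Review bot: The context line `log.debug("===> WEBAUTH :: user:" + username + ":" + inputPassword + " authenticated! ");` writes the submitted password to the log in clear; it predates this commit but survives the removal of the SHIBBOLETH branch and remains on the new side. Drop the credential from the message: `log.debug("===> WEBAUTH :: user:" + username + " authenticated! ");`. The surrounding method continues outside the hunk.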
Index: lams_central/src/java/org/lamsfoundation/lams/web/ShibLoginServlet.java
===================================================================
RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/web/Attic/ShibLoginServlet.java,v
diff -u -r1.1.2.4 -r1.1.2.5
--- lams_central/src/java/org/lamsfoundation/lams/web/ShibLoginServlet.java 20 Apr 2007 06:04:21 -0000 1.1.2.4
+++ lams_central/src/java/org/lamsfoundation/lams/web/ShibLoginServlet.java 12 Jul 2007 02:53:11 -0000 1.1.2.5
@@ -21,6 +21,7 @@
package org.lamsfoundation.lams.web;
import java.io.IOException;
+import java.net.URL;
import java.util.Date;
import java.util.Enumeration;
@@ -30,6 +31,9 @@
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
+import org.lamsfoundation.lams.federation.FederationException;
+import org.lamsfoundation.lams.federation.FederationServer;
+import org.lamsfoundation.lams.federation.service.IFederationService;
import org.lamsfoundation.lams.usermanagement.AuthenticationMethod;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.service.UserManagementService;
@@ -38,30 +42,27 @@
import org.springframework.web.context.support.WebApplicationContextUtils;
/**
- * This servlet's URL should be protected by Shibboleth, i.e. require
- * user to go through Shibboleth authentication before accessing this servlet.
- *
* @author jliew
*
*/
public class ShibLoginServlet extends HttpServlet {
private static Logger log = Logger.getLogger(ShibLoginServlet.class);
private static UserManagementService service = null;
- private static Configuration configurationService = null;
+ private static IFederationService fedService = null;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
- if (service ==null) {
+ if (service == null) {
service = (UserManagementService)WebApplicationContextUtils
.getRequiredWebApplicationContext(getServletContext()).getBean("userManagementServiceTarget");
}
- if (configurationService == null) {
- configurationService = (Configuration)WebApplicationContextUtils
+ if (fedService == null) {
+ fedService = (IFederationService)WebApplicationContextUtils
.getRequiredWebApplicationContext(getServletContext())
- .getBean("configurationService");
+ .getBean("federationService");
}
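Review bot: The removed class Javadoc was the only statement that this servlet's URL must sit behind the Shibboleth SP, and the servlet now additionally reads `Shib-Identity-Provider` and the configured attribute headers as already-authenticated facts. Restore that precondition on the class, e.g. `/** Must only be reachable through the Shibboleth SP: every request header this servlet reads is trusted as already authenticated by the IdP. */`. The lazy assignment of the `static` `service`/`fedService` fields is unsynchronized; harmless if both beans are singletons, which cannot be confirmed here.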
// debug request headers
@@ -78,26 +79,27 @@
String firstname = request.getHeader(Configuration.get(ConfigurationKeys.SHIB_ATTR_FNAME));
String lastname = request.getHeader(Configuration.get(ConfigurationKeys.SHIB_ATTR_LNAME));
String roles = request.getHeader(Configuration.get(ConfigurationKeys.SHIB_ATTR_ROLES));
+ // this attribute included by default on all protected resources; is the providerId of the IdP
+ String identityProvider = request.getHeader("Shib-Identity-Provider");
-
if (username != null && username.trim().length()>0) {
User user = service.getUserByLogin(username);
if (user != null) {
- log.info("Shib username exists!");
- // If user is a shib user, login
- if (user.getAuthenticationMethod().equals(service.findById(AuthenticationMethod.class, AuthenticationMethod.SHIBBOLETH))) {
- response.sendRedirect("j_security_check?j_username="+username+"&j_password=dummy");
- } else {
- log.info("Shib username already exists and isn't set to authenticate via Shibboleth - redirecting user to login page.");
- // flag so that login.jsp knows not to redirect user to this servlet again
- request.getSession().setAttribute("shibLoginExists", "true");
+ // user is authenticated by Shibboleth IdP
+ response.sendRedirect("j_security_check?j_username="+username+"&j_password="+user.getPassword());
+ } else {
+ // create user account for new shib user;
+ // prefix usernames with their origin server's fedId so as not to mix up with local usernames
+ String newUsername = null;
+ try {
+ newUsername = getUsername(username, identityProvider);
+ } catch (FederationException e) {
+ request.getSession().setAttribute("shibLoginError", "true");
response.sendRedirect("/lams/");
}
- } else {
- // create user account for new shib user
- log.info("Creating new user: "+username);
+ log.info("Creating new user: "+newUsername);
user = new User();
- user.setLogin(username);
+ user.setLogin(newUsername);
user.setPassword("dummy");
if (firstname != null && firstname.trim().length()>0) {
user.setFirstName(firstname);
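Review bot: After `} catch (FederationException e) {` the method falls through: `response.sendRedirect("/lams/");` is followed by the account-creation code with `newUsername` still null, so a user with a null login is saved and a second sendRedirect is attempted on an already committed response; add `return;` after the redirect inside the catch. The existing-user branch now places the stored credential in the redirect URL at `"&j_password="+user.getPassword()`, where it lands in the Location header, proxy and access logs and browser history, and it also drops the former check that the matched account was a Shibboleth account, so any local account whose login equals the IdP-supplied username is logged in. At least keep the authentication-method check before redirecting. The doGet body continues past the end of this hunk.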
@@ -111,7 +113,7 @@
}
user.setEmail(username);
user.setAuthenticationMethod((AuthenticationMethod)
- service.findById(AuthenticationMethod.class, AuthenticationMethod.SHIBBOLETH));
+ service.findById(AuthenticationMethod.class, AuthenticationMethod.DB));
user.setChangePassword(false);
user.setDisabledFlag(false);
user.setLocale(service.getDefaultLocale());
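Review bot: Typing the new account as `AuthenticationMethod.DB` while `user.setPassword("dummy")` in the preceding hunk sets a fixed string, and with the SHIBBOLETH branch removed from UniversalLoginModule, means "dummy" is now a real database credential for every federated account, accepted by the ordinary login form with no Shibboleth involved. Generate a per-user random secret with `SecureRandom` instead and pass that same value in the j_security_check redirect, or keep a non-password authentication path for these accounts. Whether passwords are stored hashed is not visible here; the existing-user branch sending `user.getPassword()` as `j_password` suggests clear text — confirm.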
@@ -120,17 +122,37 @@
user.setCreateDate(new Date());
service.save(user);
- // TODO check preconditions?
-
response.sendRedirect("j_security_check?j_username="+username+"&j_password=dummy");
}
} else {
- // we shouldn't reach here since login.jsp only redirects here when the shib request header
- // containing username is not null; set a session attribute flag anyway so that user doesn't get
- // continuously redirected
+ // somehow lost shib username attribute, send back to login page
log.error("Couldn't get a username from shibboleth header: "+Configuration.get(ConfigurationKeys.SHIB_ATTR_LOGIN));
- request.getSession().setAttribute("shibLoginExists", "true");
response.sendRedirect("/lams/");
}
}
+
+ private String getHost(String url) {
+ if (url == null) {
+ log.error("Couldn't get host from url.");
+ return url;
+ } else {
+ int doubleSlash = url.indexOf("//");
+ if (doubleSlash > 0) {
+ url = url.substring(doubleSlash+2);
+ }
+ int firstSlash = url.indexOf('/');
+ return (firstSlash > 0 ? url.substring(0, firstSlash) : url);
+ }
+ }
+
+ private String getUsername(String username, String providerId) throws FederationException {
+ try {
+ String host = getHost(providerId);
+ FederationServer fedServer = fedService.getFedServerByURLHost(host);
+ return fedServer.getFedId()+username;
+ } catch (FederationException e) {
+ log.error("Couldn't create prefixed username: "+e);
+ }
+ return null;
+ }
}
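Review bot: The redirect `response.sendRedirect("j_security_check?j_username="+username+"&j_password=dummy");` still sends the unprefixed `username`, but the account just saved has login `newUsername`, so the freshly created federated user cannot be authenticated by that redirect; use `newUsername` there. Separately, `getUsername` catches the FederationException it declares and returns null, so doGet's catch never fires, and when `getFedServerByURLHost` returns null for an unknown host (as FederationService does in this commit) `fedServer.getFedId()` throws a NullPointerException instead. Let the exception propagate and turn the null result into one, as below; `java.net.URL` is newly imported but unused, while `getHost` hand-rolls the parsing that `new URL(providerId).getHost()` would do.

```java
private String getUsername(String username, String providerId) throws FederationException {
    String host = getHost(providerId);
    FederationServer fedServer = fedService.getFedServerByURLHost(host);
    if (fedServer == null) {
        throw new FederationException("No FederationServer registered for host: " + host);
    }
    return fedServer.getFedId() + username;
}
```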
Index: lams_central/web/login.jsp
===================================================================
RCS file: /usr/local/cvsroot/lams_central/web/login.jsp,v
diff -u -r1.26.2.6 -r1.26.2.7
--- lams_central/web/login.jsp 7 Jun 2007 04:46:23 -0000 1.26.2.6
+++ lams_central/web/login.jsp 12 Jul 2007 02:53:10 -0000 1.26.2.7
@@ -11,10 +11,14 @@
return;
}
- String shibUsername = (String) request.getHeader("LAMS-Login");
- String shibLoginExists = (String) session.getAttribute("shibLoginExists");
- if (shibUsername != null && shibUsername.trim().length()>0 && shibLoginExists != "true") {
- response.sendRedirect("ShibLogin");
+ String shibEnabled = (String) Configuration.get(ConfigurationKeys.SHIB_ENABLED);
+ String shibLoginError = null;
+ if (shibEnabled.equals("true")) {
+ String shibUsername = (String) request.getHeader(Configuration.get(ConfigurationKeys.SHIB_ATTR_LOGIN));
+ shibLoginError = (String) session.getAttribute("shibLoginError");
+ if (shibUsername != null && shibUsername.trim().length() > 0 && shibLoginError != "true") {
+ response.sendRedirect("ShibLogin");
+ }
}
/*String webAuthUser = (String) session.getAttribute("WEBAUTH_USER");
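Review bot: `shibEnabled.equals("true")` dereferences the configuration value first, so a deployment without a `ShibEnabled` row gets a NullPointerException on the login page; write `"true".equals(shibEnabled)`. `shibLoginError != "true"` compares references and works only because both sides happen to be interned literals; use `!"true".equals(shibLoginError)`, and the same for the `== "false"` and `== "true"` tests in this file's second hunk (around line 136).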
@@ -132,13 +136,13 @@
- <% if (shibLoginExists == "false") { %>
+ <% if (shibLoginError == "false") { %>
<% } %>
- <% if (shibLoginExists == "true") { %>
+ <% if (shibLoginError == "true") { %>
- : <%= shibUsername %>
+
<% } %>
:
Index: lams_common/db/sql/insert_lams_unix_config_data.sql
===================================================================
RCS file: /usr/local/cvsroot/lams_common/db/sql/insert_lams_unix_config_data.sql,v
diff -u -r1.6.2.2 -r1.6.2.3
--- lams_common/db/sql/insert_lams_unix_config_data.sql 9 Jul 2007 07:20:03 -0000 1.6.2.2
+++ lams_common/db/sql/insert_lams_unix_config_data.sql 12 Jul 2007 02:53:12 -0000 1.6.2.3
@@ -39,4 +39,5 @@
insert into lams_configuration (config_key, config_value) values ('FedRegistryURL','http://192.168.111.55:8081');
insert into lams_configuration (config_key, config_value) values ('FedKey','blah');
insert into lams_configuration (config_key, config_value) values ('ShibIdPSSOHandler','https://olive.lamsfoundation.org/shibboleth-idp/SSO');
-insert into lams_configuration (config_key, config_value) values ('ShibIdPEntityId','https://olive.lamsfoundation.org/shibboleth');
\ No newline at end of file
+insert into lams_configuration (config_key, config_value) values ('ShibIdPEntityId','https://olive.lamsfoundation.org/shibboleth');
+insert into lams_configuration (config_key, config_value) values ('ShibEnabled','true');
\ No newline at end of file
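Review bot: Seeding `ShibEnabled` as `'true'` switches the header-driven redirect in login.jsp on for every fresh install, including ones with no Shibboleth SP in front of LAMS, where the headers ShibLoginServlet trusts can be supplied by the client itself. Seed it as `'false'` and let the Shibboleth deployment turn it on; the same applies to the matching hunk in insert_lams_windows_config_data.sql.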
Index: lams_common/db/sql/insert_lams_windows_config_data.sql
===================================================================
RCS file: /usr/local/cvsroot/lams_common/db/sql/insert_lams_windows_config_data.sql,v
diff -u -r1.3.2.2 -r1.3.2.3
--- lams_common/db/sql/insert_lams_windows_config_data.sql 9 Jul 2007 07:20:03 -0000 1.3.2.2
+++ lams_common/db/sql/insert_lams_windows_config_data.sql 12 Jul 2007 02:53:12 -0000 1.3.2.3
@@ -39,4 +39,5 @@
insert into lams_configuration (config_key, config_value) values ('FedRegistryURL','http://192.168.111.55:8081');
insert into lams_configuration (config_key, config_value) values ('FedKey','blah');
insert into lams_configuration (config_key, config_value) values ('ShibIdPSSOHandler','https://olive.lamsfoundation.org/shibboleth-idp/SSO');
-insert into lams_configuration (config_key, config_value) values ('ShibIdPEntityId','https://olive.lamsfoundation.org/shibboleth');
\ No newline at end of file
+insert into lams_configuration (config_key, config_value) values ('ShibIdPEntityId','https://olive.lamsfoundation.org/shibboleth');
+insert into lams_configuration (config_key, config_value) values ('ShibEnabled','true');
Index: lams_common/db/sql/insert_types_data.sql
===================================================================
RCS file: /usr/local/cvsroot/lams_common/db/sql/insert_types_data.sql,v
diff -u -r1.62.2.3 -r1.62.2.4
--- lams_common/db/sql/insert_types_data.sql 7 Jun 2007 01:28:36 -0000 1.62.2.3
+++ lams_common/db/sql/insert_types_data.sql 12 Jul 2007 02:53:12 -0000 1.62.2.4
@@ -49,7 +49,6 @@
INSERT INTO lams_auth_method_type VALUES(1, 'LAMS');
INSERT INTO lams_auth_method_type VALUES(2, 'WEB_AUTH');
INSERT INTO lams_auth_method_type VALUES(3, 'LDAP');
-INSERT INTO lams_auth_method_type VALUES(4, 'SHIBBOLETH');
INSERT INTO lams_organisation_type VALUES(1, 'ROOT ORGANISATION', 'root all other organisations: controlled by Sysadmin');
INSERT INTO lams_organisation_type VALUES(2, 'COURSE ORGANISATION', 'main organisation level - equivalent to an entire course.');
@@ -111,7 +110,6 @@
INSERT INTO lams_authentication_method VALUES (1, 1, 'LAMS-Database');
INSERT INTO lams_authentication_method VALUES (2, 2, 'Oxford-WebAuth');
INSERT INTO lams_authentication_method VALUES (3, 3, 'MQ-LDAP');
-INSERT INTO lams_authentication_method VALUES (4, 4, 'Shibboleth');
INSERT INTO lams_activity_category VALUES (1 ,'SYSTEM');
INSERT INTO lams_activity_category VALUES (2 ,'COLLABORATION');
Index: lams_common/src/java/org/lamsfoundation/lams/federation/service/FederationService.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/federation/service/Attic/FederationService.java,v
diff -u -r1.1.2.7 -r1.1.2.8
--- lams_common/src/java/org/lamsfoundation/lams/federation/service/FederationService.java 4 Jul 2007 06:11:35 -0000 1.1.2.7
+++ lams_common/src/java/org/lamsfoundation/lams/federation/service/FederationService.java 12 Jul 2007 02:53:11 -0000 1.1.2.8
@@ -347,4 +347,17 @@
log.error("Invalid federation registry URL: "+url, e);
}
}
+
+ public FederationServer getFedServerByURLHost(String host) throws FederationException {
+ HashMap properties = new HashMap();
+ properties.put("url", host);
+ List list = service.searchByStringProperties(FederationServer.class, properties);
+ if (list == null || list.isEmpty()) {
+ return null;
+ } else if (list.size() == 1) {
+ return (FederationServer)list.get(0);
+ } else {
+ throw new FederationException("Found more than 1 FederationServer with the hostname: "+host);
+ }
+ }
}
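Review bot: `HashMap properties = new HashMap();` and `List list = service.searchByStringProperties(...)` are raw types; `Map<String, String> properties = new HashMap<String, String>();` and `List<?> list` keep the lookup type-checked (the file's Java level is not visible here, so no diamond). The search puts the bare host under the `"url"` property; if stored FederationServer URLs carry a scheme or path, an exact-string match would never succeed — how searchByStringProperties compares is not visible in this hunk, so confirm against its implementation.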
Index: lams_common/src/java/org/lamsfoundation/lams/federation/service/IFederationService.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/federation/service/Attic/IFederationService.java,v
diff -u -r1.1.2.6 -r1.1.2.7
--- lams_common/src/java/org/lamsfoundation/lams/federation/service/IFederationService.java 4 Jul 2007 06:11:35 -0000 1.1.2.6
+++ lams_common/src/java/org/lamsfoundation/lams/federation/service/IFederationService.java 12 Jul 2007 02:53:11 -0000 1.1.2.7
@@ -104,4 +104,12 @@
* @throws FederationException
*/
public void updateFederationRegistry() throws FederationException;
+
+ /**
+ * Finds the fedServer whose URL matches the given host.
+ * @param host
+ * @return
+ * @throws FederationException
+ */
+ public FederationServer getFedServerByURLHost(String host) throws FederationException;
}
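Review bot: The Javadoc for `getFedServerByURLHost` leaves `@param host` and `@return` empty and does not say that the implementation returns null when no server matches and throws only on ambiguity, which is exactly what the caller in ShibLoginServlet gets wrong. Fill them in: `@param host the host part of the IdP providerId URL, without scheme or path`, `@return the single matching server, or {@code null} if none is registered`, `@throws FederationException if more than one server matches the host`.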
Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/AuthenticationMethod.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/usermanagement/AuthenticationMethod.java,v
diff -u -r1.7.2.1 -r1.7.2.2
--- lams_common/src/java/org/lamsfoundation/lams/usermanagement/AuthenticationMethod.java 30 Mar 2007 00:09:30 -0000 1.7.2.1
+++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/AuthenticationMethod.java 12 Jul 2007 02:53:11 -0000 1.7.2.2
@@ -42,7 +42,6 @@
public static final Integer DB = 1;
public static final Integer WEBAUTH = 2;
public static final Integer LDAP = 3;
- public static final Integer SHIBBOLETH = 4;
/** identifier field */
private Integer authenticationMethodId;
Index: lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java,v
diff -u -r1.23.2.4 -r1.23.2.5
--- lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java 9 Jul 2007 07:20:03 -0000 1.23.2.4
+++ lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java 12 Jul 2007 02:53:11 -0000 1.23.2.5
@@ -150,4 +150,6 @@
public static String SHIB_IDP_SSO_HANDLER = "ShibIdPSSOHandler";
public static String SHIB_IDP_ENTITY_ID = "ShibIdPEntityId";
+
+ public static String SHIB_ENABLED = "ShibEnabled";
}
\ No newline at end of file
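Review bot: `public static String SHIB_ENABLED = "ShibEnabled";` is a mutable public static, so any code in the JVM can reassign the key name at runtime and silently redirect the enabled check to a different configuration row. Declare it `public static final String SHIB_ENABLED = "ShibEnabled";`; the neighbouring keys in this hunk share the pattern, so the fix likely belongs to the whole class.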