Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

[11:05:16 CDT(-0500)] <b-sure> hello uPortal devs. Are there URL's in uportal that cannont be accessed unless the user has authenticated? I"m trying to force a redirect to the login page by requesting a protected resource.

[11:05:59 CDT(-0500)] <EricDalquist> all new sessions should get /Login first

[11:06:09 CDT(-0500)] <EricDalquist> but there was a bug in 4.0.3 (maybe 4.0.4 too) that prevented that

[11:06:16 CDT(-0500)] <EricDalquist> one of the many little fixes I have to get pushed back

[11:08:22 CDT(-0500)] <b-sure> ok thanks EricDalquist. I"m just working on some uMobile authentication using ECP and it requires the client to attempt to access a shibb protected resource.

[11:11:52 CDT(-0500)] <EricDalquist> things are going better today

[11:12:02 CDT(-0500)] <EricDalquist> I should be able to start pulling local mods over into uPortal this afternoon

[11:12:08 CDT(-0500)] <EricDalquist> and hopefully in there are the fixes you need

[11:45:56 CDT(-0500)] <b-sure> cool. thanks EricDalquist

[13:18:15 CDT(-0500)] <b-sure> hello EricDalquist. Is there a url I can request in uPortal that will automatically redirect me to the login? I know there isn't anything in web.xml that says there are protected resources.

[13:18:33 CDT(-0500)] <EricDalquist> (2012-04-05 11:05:58) EricDalquist: all new sessions should get /Login first

[13:18:33 CDT(-0500)] <EricDalquist> (2012-04-05 11:06:09) EricDalquist: but there was a bug in 4.0.3 (maybe 4.0.4 too) that prevented that

[13:18:33 CDT(-0500)] <EricDalquist> (2012-04-05 11:06:15) EricDalquist: one of the many little fixes I have to get pushed back

[13:19:54 CDT(-0500)] <b-sure> ok but are you redirected to /Login no matter what url you hit within the portal? I'm just trying to see if we can shibb protect /Login or if we need to protect some other sub path.

[13:20:02 CDT(-0500)] <EricDalquist> yes

[13:20:26 CDT(-0500)] <EricDalquist> once the bug is fixed any first-time-session request should bounce you off /Login

[13:20:26 CDT(-0500)] <b-sure> hmm. that may be an issue for shibb users I think unless all paths in the portal are shibb protected

[13:20:56 CDT(-0500)] <b-sure> because currently we protect our whole portal with shibb which works fine under this scheme

[13:21:17 CDT(-0500)] <b-sure> but for umobile to work, we need to expose an unauthenticated view

[13:21:36 CDT(-0500)] <EricDalquist> that would be a question for the umobile

[13:21:37 CDT(-0500)] <EricDalquist> folks

[13:21:48 CDT(-0500)] <EricDalquist> to see if they can enumerate a set of urls needed by umobile

[13:34:40 CDT(-0500)] <athena> b-sure: if you want to have an unauthenticated version of umobile, you're going to need to allow unauthenticated access to your portal

[13:34:43 CDT(-0500)] <b-sure> ok EricDalquist. another hopefully easy question for you. Are the sub context paths for the guest user (logged in by passing through /Login) any different the the sub context paths for reqular users who authenticate through a login form.

[13:34:45 CDT(-0500)] <athena> umobile re-uses the guest view

[13:35:09 CDT(-0500)] <EricDalquist> huh?

[13:35:10 CDT(-0500)] <b-sure> hello athena. yes we are exposing the unauthenticated view of the portal

[13:35:37 CDT(-0500)] <athena> ok, i guess i'm not quite following, sorry (smile)

[13:35:47 CDT(-0500)] <EricDalquist> what is a sub-context?

[13:35:48 CDT(-0500)] <b-sure> the issue is that for shibb to kick in , you need to attempt to access a protected resource

[13:36:03 CDT(-0500)] <EricDalquist> b-sure: why not have a phantom url for the shib login?

[13:36:05 CDT(-0500)] <b-sure> subcontext like /uPortal/subcontextpath/protlet

[13:36:06 CDT(-0500)] <EricDalquist> we do that all the time

[13:36:20 CDT(-0500)] <EricDalquist> setup a <location> block in apache

[13:36:25 CDT(-0500)] <EricDalquist> protect it with shib

[13:36:30 CDT(-0500)] <EricDalquist> and define a redirect to the portal

[13:36:43 CDT(-0500)] <b-sure> yeah thats what I'm thinking . I'm talking to an admin now about a phantom path for shib. but I think it still needs to be a sub context of the portal

[13:36:51 CDT(-0500)] <EricDalquist> so you direct users to example.com/SHIB_FORCE_AUTH

[13:36:57 CDT(-0500)] <EricDalquist> which requires shib-auth

[13:37:06 CDT(-0500)] <EricDalquist> and does nothing other than redirect to /portal/Login

[13:37:21 CDT(-0500)] <EricDalquist> so by subcontext you mean URL path?

[13:37:24 CDT(-0500)] <b-sure> ok so the reidrect is withi the<location> block?

[13:37:29 CDT(-0500)] <b-sure> yeah I mean url path

[13:37:36 CDT(-0500)] <EricDalquist> I think so ... we have an apache admin that does all that for us (tongue)

[13:37:37 CDT(-0500)] <b-sure> like sub path.

[13:37:42 CDT(-0500)] <b-sure> me too (smile)

[13:37:52 CDT(-0500)] <EricDalquist> take a look at https://wiki.jasig.org/display/UPC/Consistent+Portal+URLs

  • No labels