How To Create A Personalized Website In Chalet.Ch



Similar documents
UNIL Administration. > Many databases and applications:

Shibboleth Configuration in Tübingen

Web app AAI Integration How to integrate web applications with AAI in general?

Web Application Security Part 1

AA enabling a closed source legacy application

Federating with Web Applications

Integration of Shibboleth and (Web) Applications

U S E R D O C U M E N TA T I O N ( A L E P H I N O

Open-source Single Sign-On with CAS (Central Authentication Service)

Using Shibboleth for Single Sign- On

Logout Support on SP and Application

Chapter 1 Introduction to web development and PHP

How to Re-Direct Mobile Visitors to Your Library s Mobile App

Web Development Guide. Information Systems

Embedded PHP. Web services vs. embedded PHP. CSE 190 M (Web Programming), Spring 2008 University of Washington

How To Understand The Architecture Of Java 2Ee, J2Ee, And J2E (Java) In A Wordpress Blog Post

How To Write A Program In Php (Php)

in Swiss Higher Education

Hello friends, This is Aaditya Purani and i will show you how to Bypass PHP LFI(Local File Inclusion)

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources

API. Application Programmers Interface document. For more information, please contact: Version 2.01 Aug 2015

Fasthosts ASP scripting examples Page 1 of 17

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle

T14 SECURITY TESTING: ARE YOU A DEER IN THE HEADLIGHTS? Ryan English SPI Dynamics Inc BIO PRESENTATION. Thursday, May 18, :30PM

Web Application Development

Wonderware InTouch Access Anywhere Secure Gateway Administrator Manual

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

URLs and HTTP. ICW Lecture 10 Tom Chothia

Security Issues in Web Programming. Robert M. Dondero, Ph.D. Princeton University

lectures/6/src/blink.html blink.html David J. Malan Computer Science S-75 Harvard Summer School 10. <!DOCTYPE html> 12. </script> 16.

Lets get a federated identity. Intro to Federated Identity. Feide OpenIdP. Enter your address. Do you have access to your ?

NETMESSENGER API EXAMPLES

Creating Java EE Applications and Servlets with IntelliJ IDEA

An introduction to web programming with Java

Shibboleth Identity Provider (IdP) Sebastian Rieger

SWITCH Resource Registry Guide

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

JBoss Portlet Container. User Guide. Release 2.0

Tableau Server Trusted Authentication

Web Application Security. Srikumar Venugopal S2, Week 8, 2013

Ericom Secure Gateway

Middleware integration in the Sympa mailing list software. Olivier Salaün - CRU

Federated AAA middleware and the QUT SSO environment

Fax via HTTP (POST) Traitel Telecommunications Pty Ltd 2012 Telephone: (61) (2) Page 1

S P I E Information Environments Shibboleth and Its Integration into Security Architectures. EDUCAUSE & Internet 2 Security Professionals Conference

Modern Web Application Framework Python, SQL Alchemy, Jinja2 & Flask

Chapter 1 Programming Languages for Web Applications

External Identity and Authentication Providers For Apache HTTP Server

Tableau Server Trusted Authentication

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

esoc SSA DC-I Part 1 - Single Sign-On and Access Management ICD

WEB PROGRAMMING LAB (Common to CSE & IT)

About Me. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

HTTP - METHODS. Same as GET, but transfers the status line and header section only.

ShoreTel Enterprise Contact Center 8 Installing and Implementing Chat

Bitrix Site Manager. Quick Guide To Using The AD/LDAP Module

WWW. World Wide Web Aka The Internet. dr. C. P. J. Koymans. Informatics Institute Universiteit van Amsterdam. November 30, 2007

Application Servers G Session 2 - Main Theme Page-Based Application Servers. Dr. Jean-Claude Franchitti

Shibboleth SP Simple Installation Guide For LINUX

Tutorial básico del método AJAX con PHP y MySQL

How To Let A Lecturer Know If Someone Is At A Lecture Or If They Are At A Guesthouse

Web Container Components Servlet JSP Tag Libraries

Slides from INF3331 lectures - web programming in Python

How To Get A Single Sign On (Sso)

ShibboLEAP Project. Final Report: School of Oriental and African Studies (SOAS) Colin Rennie

Operations and Maintenance Manual

Modeling Presentation Layers of Web Applications for Testing

CrownPeak Playbook CrownPeak Hosting with PHP

AAI - Authentication and Authorization Infrastructure

Penetration Testing with Selenium. OWASP 14 January The OWASP Foundation

1.264 Lecture 19 Web database: Forms and controls

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

Web based single sign on. Caleb Racey Web development officer Webteam, customer services, ISS

Federated Identity Management

AAI for mandatory authentication and proxy usage to allow internet access on public workstations of ETH-Bibliothek

SIM Configuration Guide. February 2015 Version 1 Document Reference: 8127

AD Phonebook 2.2. Installation and configuration. Dovestones Software

Practical Security Evaluation of SAML-based Single Sign-On Solutions

Authentication Authorization Infrastructure

1. Introduction 1.1 Methodology

Introduction to web development using XHTML and CSS. Lars Larsson. Today. Course introduction and information XHTML. CSS crash course.

SSO Plugin. Authentication service for HP, Kinetic, Jasper, SAP and CA products. J System Solutions. JSS SSO Plugin Authentication service

Ulteo Open Virtual Desktop - Protocol Description

Table of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3

Certificate in Web Development and Administration

ICS 434 Advanced Database Systems

Short notes on webpage programming languages

Oracle Eloqua HIPAA Advanced Data Security Add-on Cloud Service

Topic 7: Back-End Form Processing and Database Publishing with PHP/MySQL

PHP and XML. Brian J. Stafford, Mark McIntyre and Fraser Gallop

Service Enrolment Document. Version: 1.0. September, July, e-transaction Aggregation and Analysis Layer. User and Technical Manual

Authentication and Single Sign On

Enter Here -> Directory Submitter Software For One > Visit Here <

Precondition for a good understanding: knowledge of a higher programming language (e.g. C, Java, Perl, Pascal, Basic,... ) basic knowledge of html

Federated Wikis Andreas Åkre Solberg

Citrix EasyCall Gateway Pre-Installation Checklist

Setup and Administration for ISVs

ArpViewer Manual Version Datum

Transcription:

AAI-enabling Web Applications (personalized, dynamic content in PHP, ASP, Perl, Java,...) Valéry Tschopp <tschopp@switch.ch> 2005 SWITCH

AAI Attribute Transmission Attributes Store SAML Attributes Home Organization Shibboleth Origin Resource Shibboleth Target resolver.xml ARP.xml AAP.xml What and how to read from attributes store? Attribute Release Policy: Which attributes can be sent to this resource? Attribute Acceptance Policy: What can be forwarded to the resource/application? 2

List of AAI Attributes and HTTP Headers AAI Attributes swissedupersonuniqueid surname givenname swissedupersonhomeorganization swissedupersonhomeorganizationtype edupersonaffiliation mail postaladdress telephonenumber swissedupersonstudybranch3 swissedupersonstudylevel swissedupersonstaffcategory swissedupersonbirthdate swissedupersongender preferredlanguage homepostaladdress homephone mobiletelephonenumber swissedupersonstudybranch1 swissedupersonstudybranch2 swissedupersonorgdn swissedupersonorgunitdn swissedupersonentitlement HTTP Headers HTTP_SHIB_SWISSEP_UNIQUEID HTTP_SHIB_PERSON_SURNAME HTTP_SHIB_INETORGPERSON_GIVENNAME HTTP_SHIB_SWISSEP_HOMEORGANIZATION HTTP_SHIB_SWISSEP_HOMEORGANIZATIONTYPE HTTP_SHIB_EP_AFFILIATION HTTP_SHIB_INETORGPERSON_MAIL HTTP_SHIB_ORGPERSON_POSTALADDRESS HTTP_SHIB_PERSON_TELEPHONENUMBER HTTP_SHIB_SWISSEP_SWISSEDUPERSONSTUDYBRANCH3 HTTP_SHIB_SWISSEP_SWISSEDUPERSONSTUDYLEVEL HTTP_SHIB_SWISSEP_SWISSEDUPERSONSTAFFCATEGORY HTTP_SHIB_SWISSEP_DATEOFBIRTH HTTP_SHIB_SWISSEP_GENDER HTTP_SHIB_INETORGPERSON_PREFERREDLANGUAGE HTTP_SHIB_INETORGPERSON_HOMEPOSTALADDRESS HTTP_SHIB_INETORGPERSON_HOMEPHONE HTTP_SHIB_INETORGPERSON_MOBILE HTTP_SHIB_SWISSEP_SWISSEDUPERSONSTUDYBRANCH1 HTTP_SHIB_SWISSEP_SWISSEDUPERSONSTUDYBRANCH2 HTTP_SHIB_EP_ORGDN HTTP_SHIB_EP_ORGUNITDN HTTP_SHIB_EP_ENTITLEMENT 3

Exporting AAI-Attributes to Applications with Apache httpd.conf <Location /secure> AuthType shibboleth ShibRequireSession on require valid-user </Location> HTTP Headers (e.g. HTTP_SHIB_SWISSEP_UNIQUEID) Use attribute in PHP: <?php $uniqueid= $_SERVER['HTTP_SHIB_SWISSEP_UNIQUEID'];?> 4

Exporting AAI-Attributes to Applications with IIS shibboleth.xml <RequestMap...> <Host...> <Path name= secure" requiresession="true"...> HTTP Headers (e.g. HTTP_SHIB_SWISSEP_UNIQUEID) Use attribute in PHP: <?php $uniqueid = $_SERVER['HTTP_SHIB_SWISSEP_UNIQUEID'];...?> Use attribute in ASP: <% Set uniqueid = Request.ServerVariables("HTTP_SHIB_SWISSEP_UNIQUEID )... %> 5

Personalized System, Non-Shibbolized Login: pmueller PW: 5*er2 Username pmueller jmeier jsample petudient PW 5*er2 Data 6

Personalized System, Shibbolized Login: p.mueller PW: 4rtz3w UniqueID: 235241@ethz.ch if exists Username Data Shibboleth Home Organisation Shibboleth Component 235241@ethz.ch HB5ghI@unibe.ch Gz58f7@unibe.ch ktziwlg@unil.ch update 7

Personalized System, Shibbolized, Creating New Users Login: h.flueck PW: 45$iU2 UniqueID: ef7uhi@unibe.ch Username Data Shibboleth Home Organisation Shibboleth Component else create 235241@ethz.ch HB5ghI@unibe.ch Gz58f7@unibe.ch ktziwlg@unil.ch ef7uhi@unibe.ch insert 8

Sample personalized PHP-Application (without AAI) <?php session_name('non-shibboleth'); session_start(); session_register('user'); session_register('counter'); session_register('date'); echo "<html><body>"; // Use PHP session cookies // Associate the variable $user with the session // Associate the variable $counter with the session // Associate the variable $date with the session if (empty($user)) { // No user-session if (empty($_get['username'])) { // No username submitted -> display login form echo "<form method='get'>"; echo "Username:<input type='text' name='username'><br>"; echo "Password:<input type='password' name='password'>"; echo "<input type='submit' value='login'>"; echo "</form>"; else { // Check password if ($_GET['password']=="pass") { $user = $_GET['username']; // Store username in session else { echo "Wrong password. Go back and try again!"; Login Form Check password if (!empty($user)) { echo "<h3>hello $user!</h3>"; // User is identified -> display personalized page if (!empty($counter)) echo "<p>you were already here $counter times!"; $counter++; if (!empty($date)) echo "<p>last visit: $date"; $date= date("f j, Y, g:i a"); // Display date of last visit echo "<hr>"; echo "Here comes whatever personalized application (WebMail, Calendar, Forum, Chat, Portal, E-Learning Plattform, DB)"; echo "</body></html>"; https://koolau.switch.ch/nonshib/sample.php?> 9

Sample personalized PHP-Application (with AAI) <?php session_name('shibboleth'); session_start(); session_register('counter'); session_register('date'); echo "<html><body>"; $uniqueid = $_SERVER['HTTP_SHIB_SWISSEP_UNIQUEID']; if (empty($uniqueid)) { echo "Attribute (SwissEduPerson-) 'UniqueID' is missing."; echo "<br>please contact the administrator of your AAI Home Organisation."; else { // Read Shibboleth attributes from HTTP server $name = $_SERVER['HTTP_SHIB_PERSON_SURNAME']; $name= utf8_decode($name); $firstname= $_SERVER['HTTP_SHIB_INETORGPERSON_GIVENNAME']; $firstname= utf8_decode($firstname); if (empty($name) or empty($firstname)) { $username= $uniqueid; else { $username= "$firstname $name ($uniqueid)"; echo "<h3>hello $username!</h3>"; // Use PHP session cookies // Associate the variable $counter with the session // Associate the variable $date with the session // Read Shibboleth attribute // UniqueID attribute is missing if (!empty($counter)) echo "<p>you were already here $counter times!"; $counter++; Check for required attributes Preprocess attributes if (!empty($date)) echo "<p>last visit: $date"; $date= date("f j, Y, g:i a"); // Display date of last visit echo "<hr>"; echo "Here comes whatever personalized application (WebMail, Calendar, Forum, Chat, Portal, E-Learning Plattform, DB)"; echo "</body></html>"; https://koolau.switch.ch/shib/sample.php?> 10

Sample personalized ASP-Application (without AAI) <% If Not(Session("counter") > 0) Then Session("counter") = 0 Response.Charset="UTF-8" Response.Write ("<?xml version=""1.0"" encoding=""utf-8""?>" & _ "<!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.1//EN""" & _ """http://www.w3.org/tr/xhtml11/dtd/xhtml11.dtd"">" & _ "<html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">") If (isempty(session("username"))) Then If (isempty(request.form("username"))) Then %><pre><form method="post" action="<% Response.Write(Request.ServerVariables("SCRIPT_NAME")) %>"> Username: <input type="text" name="username"> Password: <input type="text" name="password"> <input type="submit" value="login"> </pre></form><% Else If (Request.Form("password") = "pass") Then Session("username") = Request.Form("username") Else Response.Write("Wrong password. Go back and try again!") If Not (IsEmpty(Session("username"))) Then Response.Write("<h3>Hello " + Session("username") + "!</h3>") If (Session("counter") > 0) Then Response.Write("<p>You were already here " & Session("counter") & " times!</p>" ) Session("counter") = Session("counter") + 1 Login Form Check password If Not(isEmpty(Session("date"))) Then Response.Write("<p>Last visit: " & Session("date") & "</p>") Session("date") = MonthName(month(Now)) & " " & day(now) & ", " & year(now) & " " & Time Response.Write("<hr/>") Response.Write("Here comes whatever personalized application (WebMail, Calendar, Forum, Chat, Portal, E-Learning Platform, DB)") Response.Write("</html></body>") %> 11

Sample personalized ASP-Application (with AAI) <% Dim uniqueid, surname, givenname If Not(Session("counter") > 0) Then Session("counter") = 0 Response.Charset="UTF-8" Response.Write ("<?xml version=""1.0"" encoding=""utf-8""?>" & _ "<!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.1//EN""" & _ """http://www.w3.org/tr/xhtml11/dtd/xhtml11.dtd"">" & _ "<html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">") Set uniqueid = Request.ServerVariables("HTTP_SHIB_SWISSEP_UNIQUEID") If (isempty(uniqueid)) Then Response.Write("Attribute (SwissEduPerson-) 'UniqueID' is missing.") Response.Write("<br/>Please contact the administrator of your AAI Home Organisation.") Else ' Read Shibboleth attributes from HTTP server Set surname = Request.ServerVariables("HTTP_SHIB_PERSON_SURNAME") Set givenname = Request.ServerVariables("HTTP_SHIB_INETORGPERSON_GIVENNAME") If (isempty(surname) OR isempty(givenname)) Then Response.Write("<h3>Hello " & uniqueid & "!</h3>") Else Response.Write("<h3>Hello ") Response.Write((givenname) & " " & surname) Response.Write("!</h3>") Check attributes Use attributes If (Session("counter") > 0) Then Response.Write("<p>You were already here " & Session("counter") & " times!</p>" ) Session("counter") = Session("counter") + 1 If Not(isEmpty(Session("date"))) Then Response.Write("<p>Last visit: " & Session("date") & "</p>") Session("date") = MonthName(month(Now)) & " " & day(now) & ", " & year(now) & " " & Time Response.Write("<hr/>") Response.Write("Here comes whatever personalized application (WebMail, Calendar, Forum, Chat, Portal, E-Learning Platform, DB)") Response.Write("</html></body>") %> 12

Personalized System, For Shib & non-shib Users Login: p.mueller PW: 4rtz3w Login: pmueller PW: 5*er2 UniqueID: 235241@ethz.ch Username User PW Shibboleth Home Organisation Shibboleth Component 235241@ethz.ch HB5ghI@unibe.ch Gz58f7@unibe.ch ktziwlg@unil.ch pmueller 5*er2 13

Summary Apache IIS Static Content Fine grained AuthZ Shibbolization straightforward Only valid_user AuthZ for static content Shibbolization straightforward Dynamic Content (Web Applications written in PHP, ASP, Perl, Java [running on Tomcat or other App- Servers], ) AuthZ by Web Server (see above) and/or by Application Shibbolization by Adaptation of Code 14

Questions? Q & A http://www.switch.ch/aai aai@switch.ch 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information