Shibboleth Login -> Redirect to MyResearch/Home

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Shibboleth Login -> Redirect to MyResearch/Home

Cornelius Amzar
Hello everybody,

we're still running VuFind 2.5 and testing Shibboleth right now.

After the login, the user is redirected to MyResearch/Home. If we
configure another target, the login is not processed properly.

The question: Is it possible to send the user back to the page that
he/she visited when clicking the Login button? That would be much nicer.
And is a default behavior in most web applications I know.

Thanks for any suggestions!

Cornelius
--
Cornelius Amzar, M.Sc.
Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
78457 Konstanz / Germany
E-Mail: [hidden email]
http://www.bsz-bw.de

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth Login -> Redirect to MyResearch/Home

Demian Katz
Cornelius,

My understanding about how this is supposed to work is that, when a login prompt is triggered, VuFind should store the referring page in the user's session. When Shibboleth returns control to VuFind by redirecting to MyResearch/Home, that should complete the login process and then redirect the user back to the original referring page.

I know that there have been some Shibboleth-related glitches in the history of VuFind, and I can't remember exactly what has changed since release 2.5 -- but that's at least my understanding of what should be happening.

If you still need help following that basic conceptual overview, I can look back at the 2.5 code and point you in the direction of where you could try debugging....

- Demian

-----Original Message-----
From: Cornelius Amzar [mailto:[hidden email]]
Sent: Monday, February 13, 2017 8:35 AM
To: [hidden email]; Winkler, Stefan
Subject: [VuFind-Tech] Shibboleth Login -> Redirect to MyResearch/Home

Hello everybody,

we're still running VuFind 2.5 and testing Shibboleth right now.

After the login, the user is redirected to MyResearch/Home. If we configure another target, the login is not processed properly.

The question: Is it possible to send the user back to the page that he/she visited when clicking the Login button? That would be much nicer.
And is a default behavior in most web applications I know.

Thanks for any suggestions!

Cornelius
--
Cornelius Amzar, M.Sc.
Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
78457 Konstanz / Germany
E-Mail: [hidden email]
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bsz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=MPuHpvK0E9nFyB62%2FI6Dzb2CmiaNsmvafTsxuLe07fg%3D&reserved=0

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=PW83oAmLefWc5s9XHZOLeaRwbe%2FGBcCZY4MhAwX%2F4wU%3D&reserved=0
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fvufind-tech&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=Ghf9CgwM%2BYcbdpsgAeel2OiIhp%2BWbqgYZ2YrLolpqT0%3D&reserved=0
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth Login -> Redirect to MyResearch/Home

Cornelius Amzar
Hi Demian,

You're right. The referer is saved in MyResearch/Login action. The
problem is Shibboleth uses an external login page (the IdP). The url is
set in config.ini, section Shibboleth, parameter login. It's default
points to /Shibboleth.sso/Login which is not under control of VuFind.

So, there is no link pointing to /MyResearch/Login and then redirects to
/Shibboleth.sso/Login. That's why no referer is saved.

Seems to be a bug still open in current master, as the
Shibboleth.sso/Login is still there.

Regards,
Cornelius



Am 13.02.2017 um 16:08 schrieb Demian Katz:

> Cornelius,
>
> My understanding about how this is supposed to work is that, when a login prompt is triggered, VuFind should store the referring page in the user's session. When Shibboleth returns control to VuFind by redirecting to MyResearch/Home, that should complete the login process and then redirect the user back to the original referring page.
>
> I know that there have been some Shibboleth-related glitches in the history of VuFind, and I can't remember exactly what has changed since release 2.5 -- but that's at least my understanding of what should be happening.
>
> If you still need help following that basic conceptual overview, I can look back at the 2.5 code and point you in the direction of where you could try debugging....
>
> - Demian
>
> -----Original Message-----
> From: Cornelius Amzar [mailto:[hidden email]]
> Sent: Monday, February 13, 2017 8:35 AM
> To: [hidden email]; Winkler, Stefan
> Subject: [VuFind-Tech] Shibboleth Login -> Redirect to MyResearch/Home
>
> Hello everybody,
>
> we're still running VuFind 2.5 and testing Shibboleth right now.
>
> After the login, the user is redirected to MyResearch/Home. If we configure another target, the login is not processed properly.
>
> The question: Is it possible to send the user back to the page that he/she visited when clicking the Login button? That would be much nicer.
> And is a default behavior in most web applications I know.
>
> Thanks for any suggestions!
>
> Cornelius
> --
> Cornelius Amzar, M.Sc.
> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
> 78457 Konstanz / Germany
> E-Mail: [hidden email]
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bsz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=MPuHpvK0E9nFyB62%2FI6Dzb2CmiaNsmvafTsxuLe07fg%3D&reserved=0
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=PW83oAmLefWc5s9XHZOLeaRwbe%2FGBcCZY4MhAwX%2F4wU%3D&reserved=0
> _______________________________________________
> Vufind-tech mailing list
> [hidden email]
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fvufind-tech&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=Ghf9CgwM%2BYcbdpsgAeel2OiIhp%2BWbqgYZ2YrLolpqT0%3D&reserved=0
>

--
Cornelius Amzar, M.Sc.
Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
78457 Konstanz / Germany
E-Mail: [hidden email]
http://www.bsz-bw.de

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth Login -> Redirect to MyResearch/Home

Demian Katz

Cornelius,


I'll try to give this another look when I get back from vacation next week. Unfortunately, since I don't have a Shibboleth instance to test with, I can only simulate the workflow, so that may be the reason I'm not seeing the same problem that you describe. I'd be very interested to hear from other Shibboleth users. I was really under the impression that we had gotten this problem sorted out, but because it's so hard for me to test, it's certainly possible that something has gone wrong....


- Demian




From: Cornelius Amzar <[hidden email]>
Sent: Thursday, February 16, 2017 10:11 AM
To: Demian Katz; [hidden email]; Winkler, Stefan
Subject: Re: [VuFind-Tech] Shibboleth Login -> Redirect to MyResearch/Home
 
Hi Demian,

You're right. The referer is saved in MyResearch/Login action. The
problem is Shibboleth uses an external login page (the IdP). The url is
set in config.ini, section Shibboleth, parameter login. It's default
points to /Shibboleth.sso/Login which is not under control of VuFind.

So, there is no link pointing to /MyResearch/Login and then redirects to
/Shibboleth.sso/Login. That's why no referer is saved.

Seems to be a bug still open in current master, as the
Shibboleth.sso/Login is still there.

Regards,
Cornelius



Am 13.02.2017 um 16:08 schrieb Demian Katz:
> Cornelius,
>
> My understanding about how this is supposed to work is that, when a login prompt is triggered, VuFind should store the referring page in the user's session. When Shibboleth returns control to VuFind by redirecting to MyResearch/Home, that should complete the login process and then redirect the user back to the original referring page.
>
> I know that there have been some Shibboleth-related glitches in the history of VuFind, and I can't remember exactly what has changed since release 2.5 -- but that's at least my understanding of what should be happening.
>
> If you still need help following that basic conceptual overview, I can look back at the 2.5 code and point you in the direction of where you could try debugging....
>
> - Demian
>
> -----Original Message-----
> From: Cornelius Amzar [[hidden email]]
> Sent: Monday, February 13, 2017 8:35 AM
> To: [hidden email]; Winkler, Stefan
> Subject: [VuFind-Tech] Shibboleth Login -> Redirect to MyResearch/Home
>
> Hello everybody,
>
> we're still running VuFind 2.5 and testing Shibboleth right now.
>
> After the login, the user is redirected to MyResearch/Home. If we configure another target, the login is not processed properly.
>
> The question: Is it possible to send the user back to the page that he/she visited when clicking the Login button? That would be much nicer.
> And is a default behavior in most web applications I know.
>
> Thanks for any suggestions!
>
> Cornelius
> --
> Cornelius Amzar, M.Sc.
> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
> 78457 Konstanz / Germany
> E-Mail: [hidden email]
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bsz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=MPuHpvK0E9nFyB62%2FI6Dzb2CmiaNsmvafTsxuLe07fg%3D&reserved=0
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=PW83oAmLefWc5s9XHZOLeaRwbe%2FGBcCZY4MhAwX%2F4wU%3D&reserved=0
> _______________________________________________
> Vufind-tech mailing list
> [hidden email]
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fvufind-tech&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=Ghf9CgwM%2BYcbdpsgAeel2OiIhp%2BWbqgYZ2YrLolpqT0%3D&reserved=0
>

--
Cornelius Amzar, M.Sc.
Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
78457 Konstanz / Germany
E-Mail: [hidden email]
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bsz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C8b47c6091dc64ca9cd7508d4567f88f5%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636228553159034140&sdata=dkxDHGG9eYGHW37cOoDZn2NP1XzDgUk1d9JURLwy5y0%3D&reserved=0

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth Login -> Redirect to MyResearch/Home

Cornelius Amzar
Hi Demian,

first enjoy your vacation! I think you should be able to reproduce it.

The sessionInitiator called in header.phtml and printing the "Login"
link returns /Shibboleth.sso/Login. So the referer is not saved saved.

The referer is saved in /MyResearch/Login action, so I guess other auth
methods are pointing here first? Just place a dump here to see the saved
referer.

Cornelius




Am 16.02.2017 um 17:06 schrieb Demian Katz:

> Cornelius,
>
>
> I'll try to give this another look when I get back from vacation next
> week. Unfortunately, since I don't have a Shibboleth instance to test
> with, I can only simulate the workflow, so that may be the reason I'm
> not seeing the same problem that you describe. I'd be very interested to
> hear from other Shibboleth users. I was really under the impression that
> we had gotten this problem sorted out, but because it's so hard for me
> to test, it's certainly possible that something has gone wrong....
>
>
> - Demian
>
>
>
> ------------------------------------------------------------------------
> *From:* Cornelius Amzar <[hidden email]>
> *Sent:* Thursday, February 16, 2017 10:11 AM
> *To:* Demian Katz; [hidden email]; Winkler, Stefan
> *Subject:* Re: [VuFind-Tech] Shibboleth Login -> Redirect to
> MyResearch/Home
>
> Hi Demian,
>
> You're right. The referer is saved in MyResearch/Login action. The
> problem is Shibboleth uses an external login page (the IdP). The url is
> set in config.ini, section Shibboleth, parameter login. It's default
> points to /Shibboleth.sso/Login which is not under control of VuFind.
>
> So, there is no link pointing to /MyResearch/Login and then redirects to
> /Shibboleth.sso/Login. That's why no referer is saved.
>
> Seems to be a bug still open in current master, as the
> Shibboleth.sso/Login is still there.
>
> Regards,
> Cornelius
>
>
>
> Am 13.02.2017 um 16:08 schrieb Demian Katz:
>> Cornelius,
>>
>> My understanding about how this is supposed to work is that, when a login prompt is triggered, VuFind should store the referring page in the user's session. When Shibboleth returns control to VuFind by redirecting to MyResearch/Home, that should complete the login process and then redirect the user back to the original
> referring page.
>>
>> I know that there have been some Shibboleth-related glitches in the history of VuFind, and I can't remember exactly what has changed since release 2.5 -- but that's at least my understanding of what should be happening.
>>
>> If you still need help following that basic conceptual overview, I can look back at the 2.5 code and point you in the direction of where you could try debugging....
>>
>> - Demian
>>
>> -----Original Message-----
>> From: Cornelius Amzar [mailto:[hidden email]]
>> Sent: Monday, February 13, 2017 8:35 AM
>> To: [hidden email]; Winkler, Stefan
>> Subject: [VuFind-Tech] Shibboleth Login -> Redirect to MyResearch/Home
>>
>> Hello everybody,
>>
>> we're still running VuFind 2.5 and testing Shibboleth right now.
>>
>> After the login, the user is redirected to MyResearch/Home. If we configure another target, the login is not processed properly.
>>
>> The question: Is it possible to send the user back to the page that he/she visited when clicking the Login button? That would be much nicer.
>> And is a default behavior in most web applications I know.
>>
>> Thanks for any suggestions!
>>
>> Cornelius
>> --
>> Cornelius Amzar, M.Sc.
>> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
>> 78457 Konstanz / Germany
>> E-Mail: [hidden email]
>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bsz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=MPuHpvK0E9nFyB62%2FI6Dzb2CmiaNsmvafTsxuLe07fg%3D&reserved=0
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=PW83oAmLefWc5s9XHZOLeaRwbe%2FGBcCZY4MhAwX%2F4wU%3D&reserved=0
>> _______________________________________________
>> Vufind-tech mailing list
>> [hidden email]
>> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fvufind-tech&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=Ghf9CgwM%2BYcbdpsgAeel2OiIhp%2BWbqgYZ2YrLolpqT0%3D&reserved=0
>>
>
> --
> Cornelius Amzar, M.Sc.
> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
> 78457 Konstanz / Germany
> E-Mail: [hidden email]
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bsz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C8b47c6091dc64ca9cd7508d4567f88f5%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636228553159034140&sdata=dkxDHGG9eYGHW37cOoDZn2NP1XzDgUk1d9JURLwy5y0%3D&reserved=0

--
Cornelius Amzar, M.Sc.
Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
78457 Konstanz / Germany
E-Mail: [hidden email]
http://www.bsz-bw.de

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth Login -> Redirect to MyResearch/Home

Demian Katz
Cornelius,

I just double-checked this against the latest master, and Shibboleth login seems to be working as I would expect it to. I can go to any arbitrary URL within VuFind, click "Institutional Login" in the header, and get redirected back to the page I came from after the login process.

Note that the links are not pointing directly at Shibboleth.sso/Login, but rather at the internal VuFind MyResearch/UserLogin page. It is this page which updates the session with the referrer prior to redirecting to Shibboleth, which allows that state to be restored upon return.

I can't remember exactly when this was introduced, but I think it has been around for quite a while.

Is it possible that you have a custom header template that is pointing to a different route than the default header template?

- Demian

-----Original Message-----
From: Cornelius Amzar [mailto:[hidden email]]
Sent: Friday, February 17, 2017 2:20 AM
To: Demian Katz; [hidden email]; Winkler, Stefan
Subject: Re: [VuFind-Tech] Shibboleth Login -> Redirect to MyResearch/Home

Hi Demian,

first enjoy your vacation! I think you should be able to reproduce it.

The sessionInitiator called in header.phtml and printing the "Login"
link returns /Shibboleth.sso/Login. So the referer is not saved saved.

The referer is saved in /MyResearch/Login action, so I guess other auth methods are pointing here first? Just place a dump here to see the saved referer.

Cornelius




Am 16.02.2017 um 17:06 schrieb Demian Katz:

> Cornelius,
>
>
> I'll try to give this another look when I get back from vacation next
> week. Unfortunately, since I don't have a Shibboleth instance to test
> with, I can only simulate the workflow, so that may be the reason I'm
> not seeing the same problem that you describe. I'd be very interested
> to hear from other Shibboleth users. I was really under the impression
> that we had gotten this problem sorted out, but because it's so hard
> for me to test, it's certainly possible that something has gone wrong....
>
>
> - Demian
>
>
>
> ----------------------------------------------------------------------
> --
> *From:* Cornelius Amzar <[hidden email]>
> *Sent:* Thursday, February 16, 2017 10:11 AM
> *To:* Demian Katz; [hidden email]; Winkler, Stefan
> *Subject:* Re: [VuFind-Tech] Shibboleth Login -> Redirect to
> MyResearch/Home
>
> Hi Demian,
>
> You're right. The referer is saved in MyResearch/Login action. The
> problem is Shibboleth uses an external login page (the IdP). The url
> is set in config.ini, section Shibboleth, parameter login. It's
> default points to /Shibboleth.sso/Login which is not under control of VuFind.
>
> So, there is no link pointing to /MyResearch/Login and then redirects
> to /Shibboleth.sso/Login. That's why no referer is saved.
>
> Seems to be a bug still open in current master, as the
> Shibboleth.sso/Login is still there.
>
> Regards,
> Cornelius
>
>
>
> Am 13.02.2017 um 16:08 schrieb Demian Katz:
>> Cornelius,
>>
>> My understanding about how this is supposed to work is that, when a
>> login prompt is triggered, VuFind should store the referring page in
>> the user's session. When Shibboleth returns control to VuFind by
>> redirecting to MyResearch/Home, that should complete the login
>> process and then redirect the user back to the original
> referring page.
>>
>> I know that there have been some Shibboleth-related glitches in the history of VuFind, and I can't remember exactly what has changed since release 2.5 -- but that's at least my understanding of what should be happening.
>>
>> If you still need help following that basic conceptual overview, I can look back at the 2.5 code and point you in the direction of where you could try debugging....
>>
>> - Demian
>>
>> -----Original Message-----
>> From: Cornelius Amzar [mailto:[hidden email]]
>> Sent: Monday, February 13, 2017 8:35 AM
>> To: [hidden email]; Winkler, Stefan
>> Subject: [VuFind-Tech] Shibboleth Login -> Redirect to
>> MyResearch/Home
>>
>> Hello everybody,
>>
>> we're still running VuFind 2.5 and testing Shibboleth right now.
>>
>> After the login, the user is redirected to MyResearch/Home. If we configure another target, the login is not processed properly.
>>
>> The question: Is it possible to send the user back to the page that he/she visited when clicking the Login button? That would be much nicer.
>> And is a default behavior in most web applications I know.
>>
>> Thanks for any suggestions!
>>
>> Cornelius
>> --
>> Cornelius Amzar, M.Sc.
>> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
>> 78457 Konstanz / Germany
>> E-Mail: [hidden email]
>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.b
>> sz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b3471
>> 3245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225
>> 910000543626&sdata=MPuHpvK0E9nFyB62%2FI6Dzb2CmiaNsmvafTsxuLe07fg%3D&r
>> eserved=0
>>
>> ---------------------------------------------------------------------
>> --------- Check out the vibrant tech community on one of the world's
>> most engaging tech sites, SlashDot.org!
>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.l
>> ink%2Fslashdot&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c228
>> 1b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C
>> 636225910000543626&sdata=PW83oAmLefWc5s9XHZOLeaRwbe%2FGBcCZY4MhAwX%2F
>> 4wU%3D&reserved=0 _______________________________________________
>> Vufind-tech mailing list
>> [hidden email]
>> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
>> s.sourceforge.net%2Flists%2Flistinfo%2Fvufind-tech&data=02%7C01%7Cdem
>> ian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de
>> 5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=Ghf9CgwM
>> %2BYcbdpsgAeel2OiIhp%2BWbqgYZ2YrLolpqT0%3D&reserved=0
>>
>
> --
> Cornelius Amzar, M.Sc.
> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
> 78457 Konstanz / Germany
> E-Mail: [hidden email]
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bs
> z-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C8b47c6091dc64ca9c
> d7508d4567f88f5%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636228553
> 159034140&sdata=dkxDHGG9eYGHW37cOoDZn2NP1XzDgUk1d9JURLwy5y0%3D&reserve
> d=0

--
Cornelius Amzar, M.Sc.
Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
78457 Konstanz / Germany
E-Mail: [hidden email]
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bsz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C98ec492713ba457f5eea08d457056dbd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636229128218866989&sdata=aEXtC1v6x7Jv7NBYOn%2B1xubMOSXK4dVd5RiTx%2FCIMyY%3D&reserved=0

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth Login -> Redirect to MyResearch/Home

Cornelius Amzar
Hi Demian,

thanks, that helped. This was obviously fixed after release 2.5.

<a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"

must be replaced with

<a href="<?=$this->url('myresearch-userlogin')?>">

in header.phtml.

Thanks a lot!

Cornelius





Am 22.02.2017 um 18:53 schrieb Demian Katz:

> Cornelius,
>
> I just double-checked this against the latest master, and Shibboleth login seems to be working as I would expect it to. I can go to any arbitrary URL within VuFind, click "Institutional Login" in the header, and get redirected back to the page I came from after the login process.
>
> Note that the links are not pointing directly at Shibboleth.sso/Login, but rather at the internal VuFind MyResearch/UserLogin page. It is this page which updates the session with the referrer prior to redirecting to Shibboleth, which allows that state to be restored upon return.
>
> I can't remember exactly when this was introduced, but I think it has been around for quite a while.
>
> Is it possible that you have a custom header template that is pointing to a different route than the default header template?
>
> - Demian
>
> -----Original Message-----
> From: Cornelius Amzar [mailto:[hidden email]]
> Sent: Friday, February 17, 2017 2:20 AM
> To: Demian Katz; [hidden email]; Winkler, Stefan
> Subject: Re: [VuFind-Tech] Shibboleth Login -> Redirect to MyResearch/Home
>
> Hi Demian,
>
> first enjoy your vacation! I think you should be able to reproduce it.
>
> The sessionInitiator called in header.phtml and printing the "Login"
> link returns /Shibboleth.sso/Login. So the referer is not saved saved.
>
> The referer is saved in /MyResearch/Login action, so I guess other auth methods are pointing here first? Just place a dump here to see the saved referer.
>
> Cornelius
>
>
>
>
> Am 16.02.2017 um 17:06 schrieb Demian Katz:
>> Cornelius,
>>
>>
>> I'll try to give this another look when I get back from vacation next
>> week. Unfortunately, since I don't have a Shibboleth instance to test
>> with, I can only simulate the workflow, so that may be the reason I'm
>> not seeing the same problem that you describe. I'd be very interested
>> to hear from other Shibboleth users. I was really under the impression
>> that we had gotten this problem sorted out, but because it's so hard
>> for me to test, it's certainly possible that something has gone wrong....
>>
>>
>> - Demian
>>
>>
>>
>> ----------------------------------------------------------------------
>> --
>> *From:* Cornelius Amzar <[hidden email]>
>> *Sent:* Thursday, February 16, 2017 10:11 AM
>> *To:* Demian Katz; [hidden email]; Winkler, Stefan
>> *Subject:* Re: [VuFind-Tech] Shibboleth Login -> Redirect to
>> MyResearch/Home
>>
>> Hi Demian,
>>
>> You're right. The referer is saved in MyResearch/Login action. The
>> problem is Shibboleth uses an external login page (the IdP). The url
>> is set in config.ini, section Shibboleth, parameter login. It's
>> default points to /Shibboleth.sso/Login which is not under control of VuFind.
>>
>> So, there is no link pointing to /MyResearch/Login and then redirects
>> to /Shibboleth.sso/Login. That's why no referer is saved.
>>
>> Seems to be a bug still open in current master, as the
>> Shibboleth.sso/Login is still there.
>>
>> Regards,
>> Cornelius
>>
>>
>>
>> Am 13.02.2017 um 16:08 schrieb Demian Katz:
>>> Cornelius,
>>>
>>> My understanding about how this is supposed to work is that, when a
>>> login prompt is triggered, VuFind should store the referring page in
>>> the user's session. When Shibboleth returns control to VuFind by
>>> redirecting to MyResearch/Home, that should complete the login
>>> process and then redirect the user back to the original
>> referring page.
>>>
>>> I know that there have been some Shibboleth-related glitches in the history of VuFind, and I can't remember exactly what has changed since release 2.5 -- but that's at least my understanding of what should be happening.
>>>
>>> If you still need help following that basic conceptual overview, I can look back at the 2.5 code and point you in the direction of where you could try debugging....
>>>
>>> - Demian
>>>
>>> -----Original Message-----
>>> From: Cornelius Amzar [mailto:[hidden email]]
>>> Sent: Monday, February 13, 2017 8:35 AM
>>> To: [hidden email]; Winkler, Stefan
>>> Subject: [VuFind-Tech] Shibboleth Login -> Redirect to
>>> MyResearch/Home
>>>
>>> Hello everybody,
>>>
>>> we're still running VuFind 2.5 and testing Shibboleth right now.
>>>
>>> After the login, the user is redirected to MyResearch/Home. If we configure another target, the login is not processed properly.
>>>
>>> The question: Is it possible to send the user back to the page that he/she visited when clicking the Login button? That would be much nicer.
>>> And is a default behavior in most web applications I know.
>>>
>>> Thanks for any suggestions!
>>>
>>> Cornelius
>>> --
>>> Cornelius Amzar, M.Sc.
>>> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
>>> 78457 Konstanz / Germany
>>> E-Mail: [hidden email]
>>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.b
>>> sz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b3471
>>> 3245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225
>>> 910000543626&sdata=MPuHpvK0E9nFyB62%2FI6Dzb2CmiaNsmvafTsxuLe07fg%3D&r
>>> eserved=0
>>>
>>> ---------------------------------------------------------------------
>>> --------- Check out the vibrant tech community on one of the world's
>>> most engaging tech sites, SlashDot.org!
>>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.l
>>> ink%2Fslashdot&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c228
>>> 1b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C
>>> 636225910000543626&sdata=PW83oAmLefWc5s9XHZOLeaRwbe%2FGBcCZY4MhAwX%2F
>>> 4wU%3D&reserved=0 _______________________________________________
>>> Vufind-tech mailing list
>>> [hidden email]
>>> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
>>> s.sourceforge.net%2Flists%2Flistinfo%2Fvufind-tech&data=02%7C01%7Cdem
>>> ian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8de
>>> 5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=Ghf9CgwM
>>> %2BYcbdpsgAeel2OiIhp%2BWbqgYZ2YrLolpqT0%3D&reserved=0
>>>
>>
>> --
>> Cornelius Amzar, M.Sc.
>> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
>> 78457 Konstanz / Germany
>> E-Mail: [hidden email]
>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bs
>> z-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C8b47c6091dc64ca9c
>> d7508d4567f88f5%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636228553
>> 159034140&sdata=dkxDHGG9eYGHW37cOoDZn2NP1XzDgUk1d9JURLwy5y0%3D&reserve
>> d=0
>
> --
> Cornelius Amzar, M.Sc.
> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
> 78457 Konstanz / Germany
> E-Mail: [hidden email]
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bsz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C98ec492713ba457f5eea08d457056dbd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636229128218866989&sdata=aEXtC1v6x7Jv7NBYOn%2B1xubMOSXK4dVd5RiTx%2FCIMyY%3D&reserved=0
>

--
Cornelius Amzar, M.Sc.
Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
78457 Konstanz / Germany
E-Mail: [hidden email]
http://www.bsz-bw.de

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech
Reply | Threaded
Open this post in threaded view
|

Re: Shibboleth Login -> Redirect to MyResearch/Home

Demian Katz
You're right. It looks like it was fixed here, for the 3.0 release:

https://github.com/vufind-org/vufind/commit/1f765defad1b4d4ac469998db78089b980a412d6

- Demian

-----Original Message-----
From: Cornelius Amzar [mailto:[hidden email]]
Sent: Thursday, February 23, 2017 4:23 AM
To: Demian Katz; [hidden email]; Winkler, Stefan
Subject: Re: [VuFind-Tech] Shibboleth Login -> Redirect to MyResearch/Home

Hi Demian,

thanks, that helped. This was obviously fixed after release 2.5.

<a href="<?=$this->escapeHtmlAttr($sessionInitiator)?>"

must be replaced with

<a href="<?=$this->url('myresearch-userlogin')?>">

in header.phtml.

Thanks a lot!

Cornelius





Am 22.02.2017 um 18:53 schrieb Demian Katz:

> Cornelius,
>
> I just double-checked this against the latest master, and Shibboleth login seems to be working as I would expect it to. I can go to any arbitrary URL within VuFind, click "Institutional Login" in the header, and get redirected back to the page I came from after the login process.
>
> Note that the links are not pointing directly at Shibboleth.sso/Login, but rather at the internal VuFind MyResearch/UserLogin page. It is this page which updates the session with the referrer prior to redirecting to Shibboleth, which allows that state to be restored upon return.
>
> I can't remember exactly when this was introduced, but I think it has been around for quite a while.
>
> Is it possible that you have a custom header template that is pointing to a different route than the default header template?
>
> - Demian
>
> -----Original Message-----
> From: Cornelius Amzar [mailto:[hidden email]]
> Sent: Friday, February 17, 2017 2:20 AM
> To: Demian Katz; [hidden email]; Winkler, Stefan
> Subject: Re: [VuFind-Tech] Shibboleth Login -> Redirect to
> MyResearch/Home
>
> Hi Demian,
>
> first enjoy your vacation! I think you should be able to reproduce it.
>
> The sessionInitiator called in header.phtml and printing the "Login"
> link returns /Shibboleth.sso/Login. So the referer is not saved saved.
>
> The referer is saved in /MyResearch/Login action, so I guess other auth methods are pointing here first? Just place a dump here to see the saved referer.
>
> Cornelius
>
>
>
>
> Am 16.02.2017 um 17:06 schrieb Demian Katz:
>> Cornelius,
>>
>>
>> I'll try to give this another look when I get back from vacation next
>> week. Unfortunately, since I don't have a Shibboleth instance to test
>> with, I can only simulate the workflow, so that may be the reason I'm
>> not seeing the same problem that you describe. I'd be very interested
>> to hear from other Shibboleth users. I was really under the
>> impression that we had gotten this problem sorted out, but because
>> it's so hard for me to test, it's certainly possible that something has gone wrong....
>>
>>
>> - Demian
>>
>>
>>
>> ---------------------------------------------------------------------
>> -
>> --
>> *From:* Cornelius Amzar <[hidden email]>
>> *Sent:* Thursday, February 16, 2017 10:11 AM
>> *To:* Demian Katz; [hidden email]; Winkler, Stefan
>> *Subject:* Re: [VuFind-Tech] Shibboleth Login -> Redirect to
>> MyResearch/Home
>>
>> Hi Demian,
>>
>> You're right. The referer is saved in MyResearch/Login action. The
>> problem is Shibboleth uses an external login page (the IdP). The url
>> is set in config.ini, section Shibboleth, parameter login. It's
>> default points to /Shibboleth.sso/Login which is not under control of VuFind.
>>
>> So, there is no link pointing to /MyResearch/Login and then redirects
>> to /Shibboleth.sso/Login. That's why no referer is saved.
>>
>> Seems to be a bug still open in current master, as the
>> Shibboleth.sso/Login is still there.
>>
>> Regards,
>> Cornelius
>>
>>
>>
>> Am 13.02.2017 um 16:08 schrieb Demian Katz:
>>> Cornelius,
>>>
>>> My understanding about how this is supposed to work is that, when a
>>> login prompt is triggered, VuFind should store the referring page in
>>> the user's session. When Shibboleth returns control to VuFind by
>>> redirecting to MyResearch/Home, that should complete the login
>>> process and then redirect the user back to the original
>> referring page.
>>>
>>> I know that there have been some Shibboleth-related glitches in the history of VuFind, and I can't remember exactly what has changed since release 2.5 -- but that's at least my understanding of what should be happening.
>>>
>>> If you still need help following that basic conceptual overview, I can look back at the 2.5 code and point you in the direction of where you could try debugging....
>>>
>>> - Demian
>>>
>>> -----Original Message-----
>>> From: Cornelius Amzar [mailto:[hidden email]]
>>> Sent: Monday, February 13, 2017 8:35 AM
>>> To: [hidden email]; Winkler, Stefan
>>> Subject: [VuFind-Tech] Shibboleth Login -> Redirect to
>>> MyResearch/Home
>>>
>>> Hello everybody,
>>>
>>> we're still running VuFind 2.5 and testing Shibboleth right now.
>>>
>>> After the login, the user is redirected to MyResearch/Home. If we configure another target, the login is not processed properly.
>>>
>>> The question: Is it possible to send the user back to the page that he/she visited when clicking the Login button? That would be much nicer.
>>> And is a default behavior in most web applications I know.
>>>
>>> Thanks for any suggestions!
>>>
>>> Cornelius
>>> --
>>> Cornelius Amzar, M.Sc.
>>> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
>>> 78457 Konstanz / Germany
>>> E-Mail: [hidden email]
>>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.
>>> b
>>> sz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c2281b347
>>> 1
>>> 3245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C63622
>>> 5
>>> 910000543626&sdata=MPuHpvK0E9nFyB62%2FI6Dzb2CmiaNsmvafTsxuLe07fg%3D&
>>> r
>>> eserved=0
>>>
>>> --------------------------------------------------------------------
>>> -
>>> --------- Check out the vibrant tech community on one of the world's
>>> most engaging tech sites, SlashDot.org!
>>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.
>>> l
>>> ink%2Fslashdot&data=02%7C01%7Cdemian.katz%40villanova.edu%7C3d812c22
>>> 8
>>> 1b34713245708d4541820cd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7
>>> C
>>> 636225910000543626&sdata=PW83oAmLefWc5s9XHZOLeaRwbe%2FGBcCZY4MhAwX%2
>>> F
>>> 4wU%3D&reserved=0 _______________________________________________
>>> Vufind-tech mailing list
>>> [hidden email]
>>> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis
>>> t
>>> s.sourceforge.net%2Flists%2Flistinfo%2Fvufind-tech&data=02%7C01%7Cde
>>> m
>>> ian.katz%40villanova.edu%7C3d812c2281b34713245708d4541820cd%7C765a8d
>>> e
>>> 5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636225910000543626&sdata=Ghf9Cgw
>>> M
>>> %2BYcbdpsgAeel2OiIhp%2BWbqgYZ2YrLolpqT0%3D&reserved=0
>>>
>>
>> --
>> Cornelius Amzar, M.Sc.
>> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
>> 78457 Konstanz / Germany
>> E-Mail: [hidden email]
>> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.b
>> s
>> z-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C8b47c6091dc64ca9
>> c
>> d7508d4567f88f5%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C63622855
>> 3
>> 159034140&sdata=dkxDHGG9eYGHW37cOoDZn2NP1XzDgUk1d9JURLwy5y0%3D&reserv
>> e
>> d=0
>
> --
> Cornelius Amzar, M.Sc.
> Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
> 78457 Konstanz / Germany
> E-Mail: [hidden email]
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bs
> z-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C98ec492713ba457f5
> eea08d457056dbd%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636229128
> 218866989&sdata=aEXtC1v6x7Jv7NBYOn%2B1xubMOSXK4dVd5RiTx%2FCIMyY%3D&res
> erved=0
>

--
Cornelius Amzar, M.Sc.
Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
78457 Konstanz / Germany
E-Mail: [hidden email]
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bsz-bw.de&data=02%7C01%7Cdemian.katz%40villanova.edu%7C85a514caf79d451eabbf08d45bcd858c%7C765a8de5cf9444f09cafae5bf8cfa366%7C1%7C0%7C636234385655628503&sdata=RxuhRuHgoK2V0329lfqUQKR%2BlMkXz6%2Bu5IYPa2mzpl0%3D&reserved=0

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech