Shibboleth: make use of redirectPage logic for shib users #1551
Comments
- #1551 was opened to think about how to have Shib users use the redirectPage logic
|
I mentioned what I think will be the fix at http://irclog.perlgeek.de/shibboleth/2015-04-14 I'll have to figure out how to get the redirect value and pass it here: |
|
@scolapasta I have this issue marked as "out of scope" right now for #2939 but I've mentioned to @mheppler that I'd take a look. Can I pick your brain about the code? I'm attaching a diff for the area of the code I'm messing with. The diff contains hard-coded values but when we do this for real we'd need to get the values from the backing bean and put them somehow in the Javascript. Anyway, here's the diff: |
|
This week in the "2016-10-18 Meeting and demo about OAuth and ORCID login" notes at https://docs.google.com/document/d/1Lja6sqG0Ljg2Q6suoMJbYr3J01DTpw6HkgvRwdbEDXQ/edit?usp=sharing I mentioned that ideally we'd also let ORCID users make use of the redirect logic that local users benefit from. In the code local users are called "builtin" users. |
|
Odum received a request for this functionality; bumping on behalf of Carleton College. |
|
@donsizemore thanks for the feedback. Perhaps this could be addressed at the same time as #3486. |
|
We had what I thought was a nice solution in place in pull request #3539 but we backed out of it in 3f03f6f. Last week @thegaryking mentioned he's interested in a fix. A couple days ago @aivanov100 posted about an approach that works for their installation which is Shibboleth-only: https://groups.google.com/d/msg/dataverse-dev/SaVf172LQ4o/jb3AOqyvBAAJ . Here's the diff he included which is worth studying at least, even if it's not a drop-in solution: shib_login_links.diff.txt |
|
@pdurbin my approach is specific to our implementation in that we do not want our users to use the IdPSelect dropdown to login. We are not configuring a Federated IdP, we are just trying to trick our users into thinking that our Drupal site and our Dataverse site are two different parts of the same site. For both Drupal and Dataverse, we've overwritten the Login links to point directly to our IdP login page. The redirectPage parameter is set in the url query string, so the user is successfully brought back to the page they were on when they clicked Login. However, our approach would not work if logins from multiple IdPs were supported and the IdPSelect dropdown was involved in the login process. Best, |
|
@aivanov100 ok, so your approach isn't generalizable. That's fine. Thanks. |
|
Odum received another request for this functionality; bumping on behalf of East Carolina University. |
|
@donsizemore thanks. Speaking of bumping, please note that as of last week we have introduced a new column in https://waffle.io/IQSS/dataverse called "Inbox" where this issue currently lives. Here are the definitions:
Here's how it looks:
You are welcome to leave comments but I hope this helps explain the process. 😄 |
|
Boston College also asked about it: RT 249556 |
|
Tested on dataverse-test.irss.unc.edu - works as advertised. |
|
Pull request #3910 looks good! Thanks, @aivanov100 for making it and @donsizemore for testing it! |
|
@kcondon noticed that pull request #3910 was behind develop so I just created pull request #3929 which is the same code (commits by @aivanov100 and @oscardssmith) but with the latest from develop merged in. |
"Implement redirect logic for when a user logs in or signs up when they aren't on the homepage" was developed in #869 but only builtin users benefit from it. It would be nice if Shibboleth users got the same feature.
For Shibboleth, we'd need to pass the "redirectPage" parameter and value (i.e. redirectPage=%2Fdataverse.xhtml) to the Shib Identity Provider (IdP) and have the IdP return it to us.
The text was updated successfully, but these errors were encountered: