Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ModPerl: ModPerl

[ANNOUNCE] Apache2::AuthAny

 

 

ModPerl modperl RSS feed   Index | Next | Previous | View Threaded


kgoldov at gmail

Mar 23, 2011, 1:52 PM

Post #1 of 6 (782 views)
Permalink
[ANNOUNCE] Apache2::AuthAny

I’ve created a module we are calling Apache2::AuthAny. The module utilizes
other authentication modules or internal code, and provides a single “GATE”
page where the end user can choose between authentication mechanisms.
AuthAny currently provides login to the “Distribute System”, which is used
to collect and disseminate influenza surveillance data. The authentication
mechanisms used for Distribute include Google, Shibboleth, and HTTP
authentication. Logout is supported for all mechanisms, including HTTP
authentication which is not normally possible.



We would like to release Apache2::AuthAny on CPAN. I’m posting to this list
per CPAN guidelines. Please respond if you have concerns about the
namespace, would like to review the code, or have suggestions of any sort.
Further documentation and a demo is currently running at
https://authany.cirg.washington.edu.



Kim


perrin at elem

Mar 25, 2011, 5:39 AM

Post #2 of 6 (750 views)
Permalink
Re: [ANNOUNCE] Apache2::AuthAny [In reply to]

On Wed, Mar 23, 2011 at 4:52 PM, Kim Goldov <kgoldov [at] gmail> wrote:
> We would like to release Apache2::AuthAny on CPAN.

Please go ahead!

How did you implement the logout for HTTP auth?

- Perrin


kgoldov at gmail

Mar 25, 2011, 5:15 PM

Post #3 of 6 (752 views)
Permalink
Re: [ANNOUNCE] Apache2::AuthAny [In reply to]

AuthAny has its own Authen and Authz handlers, however instead of returning
a 401, these handlers redirect to a "GATE" page which contains links for
each provider. The "basic auth" type links point to a directory with a
random value appended. This random value is kept in the database and cycled
with each logout. Browsers will not send the authorization header to the new
directory. The AuthName is also appended with a random string to assure that
the challenge pop-up is presented each time. This logout mechanism and
logout mechanisms for other providers allows AuthAny to maintain its own
permanent cookie in its database for control over recognition or
authentication states.

Kim

On Fri, Mar 25, 2011 at 5:39 AM, Perrin Harkins <perrin [at] elem> wrote:

> On Wed, Mar 23, 2011 at 4:52 PM, Kim Goldov <kgoldov [at] gmail> wrote:
> > We would like to release Apache2::AuthAny on CPAN.
>
> Please go ahead!
>
> How did you implement the logout for HTTP auth?
>
> - Perrin
>


perrin at elem

Mar 26, 2011, 7:49 AM

Post #4 of 6 (748 views)
Permalink
Re: [ANNOUNCE] Apache2::AuthAny [In reply to]

On Fri, Mar 25, 2011 at 8:15 PM, Kim Goldov <kgoldov [at] gmail> wrote:
> The "basic auth" type links point to a directory with a
> random value appended. This random value is kept in the database and cycled
> with each logout.

Very clever! Thanks for your contribution to CPAN.

- Perrin


fred at redhotpenguin

Mar 26, 2011, 12:55 PM

Post #5 of 6 (742 views)
Permalink
Re: [ANNOUNCE] Apache2::AuthAny [In reply to]

Yes, please post a link to the source! A good place to post
development versions before uploading an 'official' release to CPAN is
GitHub - http://github.com

On Wed, Mar 23, 2011 at 1:52 PM, Kim Goldov <kgoldov [at] gmail> wrote:
> I’ve created a module we are calling Apache2::AuthAny. The module utilizes
> other authentication modules or internal code, and provides a single “GATE”
> page where the end user can choose between authentication mechanisms.
> AuthAny currently provides login to the “Distribute System”, which is used
> to collect and disseminate influenza surveillance data. The authentication
> mechanisms used for Distribute include Google, Shibboleth, and HTTP
> authentication. Logout is supported for all mechanisms, including HTTP
> authentication which is not normally possible.
>
>
>
> We would like to release Apache2::AuthAny on CPAN. I’m posting to this list
> per CPAN guidelines. Please respond if you have concerns about the
> namespace, would like to review the code, or have suggestions of any sort.
> Further documentation and a demo is currently running at
> https://authany.cirg.washington.edu.
>
>
>
> Kim


kgoldov at gmail

Apr 27, 2011, 3:56 PM

Post #6 of 6 (620 views)
Permalink
Re: [ANNOUNCE] Apache2::AuthAny [In reply to]

I've gotten AuthAny to an acceptable state for review. It can be downloaded
from the demo site:

https://authany.cirg.washington.edu/download/

If you would like to install it, please be sure to read the "README".

There are a couple of problems with this release:

1) I created a "post-install.pl" script for use after the "make install"
step.
I'm sure there was a better way to handle this.

2) "make test" produces some errors that I'm not sure how to handle or
suppress.
My "DB.t" tests works correctly if the database has been set up (as noted
in the README), however some warnings are going to stdout.

Some other problems are listed under "ISSUES" in the AuthAny.pm perldoc:
https://authany.cirg.washington.edu/doc/AuthAny.html

Kim

On Sat, Mar 26, 2011 at 12:55 PM, Fred Moyer <fred [at] redhotpenguin> wrote:

> Yes, please post a link to the source! A good place to post
> development versions before uploading an 'official' release to CPAN is
> GitHub - http://github.com
>
> On Wed, Mar 23, 2011 at 1:52 PM, Kim Goldov <kgoldov [at] gmail> wrote:
> > I’ve created a module we are calling Apache2::AuthAny. The module
> utilizes
> > other authentication modules or internal code, and provides a single
> “GATE”
> > page where the end user can choose between authentication mechanisms.
> > AuthAny currently provides login to the “Distribute System”, which is
> used
> > to collect and disseminate influenza surveillance data. The
> authentication
> > mechanisms used for Distribute include Google, Shibboleth, and HTTP
> > authentication. Logout is supported for all mechanisms, including HTTP
> > authentication which is not normally possible.
> >
> >
> >
> > We would like to release Apache2::AuthAny on CPAN. I’m posting to this
> list
> > per CPAN guidelines. Please respond if you have concerns about the
> > namespace, would like to review the code, or have suggestions of any
> sort.
> > Further documentation and a demo is currently running at
> > https://authany.cirg.washington.edu.
> >
> >
> >
> > Kim
>

ModPerl modperl RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.