Enable an external authentication system (*)

What is the mechanism?

The common way:
- sit behind a reverse proxy
- proxy intercepts a special request
- after login is complete, proxy redirects to the original request.
- HTTP header must contain a UID or equivalent identifier.
- Commonly Apache, with a module to accomplish the work
The other way
- specify a redirection URL
- No proxy or interception required.
- HTTP header is the same.
Where is the /loginExternalAuthReturn page?
- VIVO just redirects from there.
  - Home page
  - Profile page
  - New account

How to debug?

Is the request being intercepted?
- Increase the log settings
- Look at headers
- Is your UID in a header?
- Configure VIVO to read that header.
Otherwise, configure the reverse proxy to intercept it.

2014-03-26 14:15:32,096 DEBUG [LoginExternalAuthReturn] ------------request:http://localhost:8080/vivo/loginExternalAuthReturn
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] host=localhost:8080
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] origin=https://ligo.tw.rpi.edu
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] cookie=JSESSIONID=C821D915DD2DAE74731486F29EF5EF6E; _shibsession_64656661756c7468747470733a2f2f7477322e74772e7270692e6564752f73686962626f6c657468=_ede84590605590017f65fd47d897bf9e; _shibstate_1395857627_c1ba=
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] user-agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] accept-language=en-us
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] referer=https://ligo.tw.rpi.edu/idp/profile/SAML2/Redirect/SSO
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] accept-encoding=gzip, deflate
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] shib-cookie-name=
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] shib-session-id=_ede84590605590017f65fd47d897bf9e
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] shib-session-index=_6a470e1d2566f397fdc5e84d7f9a6830
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] shib-identity-provider=https://ligo.tw.rpi.edu/idp/shibboleth
2014-03-26 14:15:32,101 DEBUG [LoginExternalAuthReturn] shib-authentication-method=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] shib-authentication-instant=2014-03-26T18:15:31.945Z
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] shib-authncontext-class=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] shib-authncontext-decl=
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] shib-assertion-count=
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] eppn=
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] affiliation=
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] unscoped-affiliation=
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] entitlement=
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] targeted-id=
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] persistent-id=
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] cn=Momo
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] sn=Chen
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] shib-application-id=default
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] remote_user=
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] x-forwarded-for=128.113.243.51
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] x-forwarded-host=tw2.tw.rpi.edu
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] x-forwarded-server=tw2.tw.rpi.edu
2014-03-26 14:15:32,102 DEBUG [LoginExternalAuthReturn] connection=Keep-Alive
2014-03-26 14:15:32,103 DEBUG [LoginExternalAuthReturn] externalAuthID='null'

Page tree

Enable an external authentication system (*)