Download the PHP package ykweyer/yourls-authmgrplus-shibboleth without Composer
On this page you can find all versions of the php package ykweyer/yourls-authmgrplus-shibboleth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download ykweyer/yourls-authmgrplus-shibboleth
More information about ykweyer/yourls-authmgrplus-shibboleth
Files in ykweyer/yourls-authmgrplus-shibboleth
Package yourls-authmgrplus-shibboleth
Short Description Extends YOURLS AuthMgrPlus plugin to add Shibboleth compatibility
License GPL-2.0-or-later
Informations about the package yourls-authmgrplus-shibboleth
Shibboleth authentication for AuthMgrPlus
This plugin will enable authentication with Shibboleth in Yourls using AuthMgrPlus.
It is based on Fuero's Shibboleth plugin, but externalises the RBAC logic to AuthMgrPlus
Licensing
This plugin is licensed under the terms of the GNU General Public License, version 2 (GPLv2) or later. License conditions are included in LICENSE or can be found at the GNU website.
Prerequisites
If you have no idea what Shibboleth is, or what an IdP or an SP is, familiarize yourself with the terms by reading this.
- Shibboleth SP is installed and working properly
- IdP is releasing attributes used by plugin (by default:
cn
,entitlement
) - Verify that this works with a short test page (see Testing your shibboleth setup)
- YOURLS >= 1.7
Installation
- Copy this folders content under
user/plugins/yourls-authmgrplus-shibboleth
- Ensure AuthMgrPlus is installed and enabled
- Enable the plugin in yourls
-
Configure httpd
Your web server configuration need to be adjusted to accomodate Shibboleth. Here's a sample configuration you can use:
- Restart httpd for the changes to take effect.
Testing your shibboleth setup
Drop the following code in admin/test-sp.php
:
Accessing this in your browser will yield something like this:
Array
(
[SCRIPT_URL] => /admin/test-sp.php
[SCRIPT_URI] => https://yourls.local/admin/test-sp.php
[Shib-Application-ID] => default
[Shib-Session-ID] => _d123456789eef1e35f96b29725731b2e6
[Shib-Identity-Provider] => https://your-idp-host/idp/shibboleth
[Shib-Authentication-Instant] => 2001-01-1T00:00:00.000Z
[Shib-Authentication-Method] => urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
[Shib-AuthnContext-Class] => urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
[Shib-Session-Index] => _a4fa5ffe838191234567890c6ea23bd
[cn] => your-user-id
[entitlement] => urn:mace:dir:entitlement:yourls.local:admin
[persistent-id] => some-persistent-id
[HTTPS] => on
[SSL_TLS_SNI] => yourls.local
[HTTP_HOST] => yourls.local
[HTTP_USER_AGENT] => Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_LANGUAGE] => en,en-us;q=0.7,de-at;q=0.3
[HTTP_ACCEPT_ENCODING] => gzip, deflate
[HTTP_COOKIE] => some-cookie-data
[HTTP_CONNECTION] => keep-alive
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] => Apache
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => yourls.local
[SERVER_ADDR] => 8.8.8.8
[SERVER_PORT] => 443
[REMOTE_ADDR] => 1.1.1.1
[DOCUMENT_ROOT] => /path/to/yourls
[SERVER_ADMIN] => root@localhost
[SCRIPT_FILENAME] => /path/to/yourls/admin/test-sp.php
[REMOTE_PORT] => 4711
[REMOTE_USER] => some-persistent-id
[AUTH_TYPE] => shibboleth
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /admin/test-sp.php
[SCRIPT_NAME] => /admin/test-sp.php
[PHP_SELF] => /admin/test-sp.php
[PHP_AUTH_USER] => some-persistent-id
[REQUEST_TIME] => 1366872110
)
Verify that the attributes you want to specify for SHIBBOLETH_ENTITLEMENT
and
SHIBBOLETH_UID
are present and have reasonable values (example below):
[cn] => your-user-id
[entitlement] => urn:mace:dir:entitlement:yourls.local:admin
Configuration
Settings the plugin reads from user/config.php
and their defaults: