Accessing authentication information

From RavenWiki
Revision as of 13:46, 10 October 2019 by jmw11 (talk | contribs) (→‎for IIS and Ucam Webauth IIS: Replace link to doc with wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

The 'Container managed' Authentication Agents, like mod_ucam_webauth and Ucam WebAuth IIS, make authentication information available to scripts and other dynamic content that they protect. The scripts can use this information to make their own authorisation decisions, customise their output, etc.

Here are some example scripts (that just display a single value) to show how to access this information from various environments and languages. Please feel free to extend it with more examples.

for Apache and mod_ucam_webauth

To see what's available, and the names under which it's stored, see section 3, 'Authentication Information', of the mod_ucam_webauth documentation.

CGI and Perl

The information is put into the environment of the CGI script. Exactly how you access it depends on the language of the script. Here's a Perl example: 

#!/usr/bin/perl -T
                                                                                
use strict;
use warnings;
                                                                                
print "Content-type: text/html; charset=ISO-8859-1\n";
print "\n";
                                                                                
print "<html>\n";
print "<head>\n";
print "<title>Demo</title>\n";
print "</head>\n";
print "<body>\n";
print "<p>Hi $ENV{REMOTE_USER}, hope you enjoyed the course</p>\n";
print "</body>\n";
print "</html>\n";

PHP

<html>
<head>
<title>Demo</title>
</head>
<body>
<p>Hi <?php echo $_SERVER['REMOTE_USER'] ?>, hope you enjoyed the
course</p>
</body>
</html>

Depending on exactly how your PHP environment is set up, you may alternatively find the authentication information in the $_ENV array, or you may find all the names have had 'REDIRECT_' tacked on the front (so REDIRECT_REMOTE_USER rather than REMOTE_USER). You may also find the phpinfo() function useful for working what's going on.

In some PHP installations, the information normally found in $_SERVER['REMOTE_USER'] may also appear in the variable $REMOTE_USER. However this only happens where register_globals (in the main configuration file) is set to ON. This was the default in versions of PHP prior to 4.2.0, but since having register_globals set to ON can be a serious security problem it now defaults to OFF and should probably be let that way. There's an explanation of why enabling register_globals is such a concern at http://uk2.php.net/manual/en/security.registerglobals.php

SHTML

You can't include variables in a plain HTML page because Apache doesn't manipulate such files when serving them. However it has a 'Server Parsed HTML' format, provided by mod_include, which can include variables. Here's an example using that: 

                    
<html>
<head>
<title>Demo</title>
</head>
<body>
<p>Hi <!--#echo var=REMOTE_USER -->, hope you enjoyed the course</p>
</body>
</html>

for IIS and Ucam Webauth IIS

To see what's available, and the names under which it's stored, see section 6, 'Authentication Information', of the Ucam Webauth IIS documentation.

ASP

<%@ LANGUAGE = VBScript %>

<html>
<head>
<title>Demo</title>
</head>
<body>
<p>Hi <%=Request.ServerVariables("REMOTE_USER") %>, hope you enjoyed the course</p>
</body>
</html>
Retrieved from "https://wiki.cam.ac.uk/wiki/raven/index.php?title=Accessing_authentication_information&oldid=2872"