Tags:
create new tag
, view all tags

SiteMinderPlugin

Background

Authentication via SiteMinder

We use siteminder for connecting TWiki to our corporate Intranet Login system.

The documents below are for SiteMinder. The particular piece we need to handle is to get TWiki to pick up the HTTP_SM_USER instead of REMOTE_USER and have this select the user's WikiName.

From siteminder-agent-guide.pdf page 222:

As part of the Web application environment, the SiteMinder Agent submits default HTTP headers to the Web server, which in turn, makes them available for Web applications. You can use these headers to include functions and enable your Web applications to personalize content. Headers can store information such as a user name and the type of action a user is authorized to perform.

The Agent sends these headers regardless of whether they are called from a Web application; however, you can disable some of these headers so that they do not use up header space. For information about disabling headers, refer to Disabling Default HTTP Header Variables on page 224. The following tables list the SiteMinder default HTTP headers for Web Agents and Affiliate Agents.

HTTP_SM_USER Login name of the authenticated user.

The following extra files, from the siteminder install directory are likely to be useful to you:

  • C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\readme451.txt
  • C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\siteminder-agent-guide.pdf
  • C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\siteminder-customizing-dms.pdf
  • C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\siteminder-installation-guide.pdf
  • C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\siteminder-nettl-description.pdf

Additionally, the testsiteminder.pl script, which could be placed in the bin directory would also be of use when testing.

How to install this plugin

Integrates Twiki with SiteMinder to provide integrated authentication capabilities. All Twiki user names are of the format FirstnameInitialLastname compared with siteminder user name of firstname.initial.lastname

HACK WARNING:

Owing to limitations of the plugin infrastructre, changes are also necessary to TWiki.pm. These are highlighted below:

At the top:

#added for use with SiteMinder
#use TWiki::SiteMinder;

In initialize subroutine:

    $cgiQuery = $theQuery;

    *##added for Siteminder integration*
    *$ENV{'REMOTE_USER'} = &TWiki::Plugins::SiteMinderPlugin::setUpRemoteUser();*

In initializeremoteuser subroutine (after untaint line below):

   $remoteUser = $1;  # untaint variable
    
    *#RJE - take from siteminder instead of REMOTE_USER*
    *#must declare as SiteMinder is not initialised at this point in execution*
    *use TWiki::Plugins::SiteMinderPlugin;*
    *$remoteUser = &TWiki::Plugins::SiteMinderPlugin::setUpRemoteUser();*

In userToWikiName subroutine set $wUser as below:


    *my $wUser = $userToWikiList{ $loginUser } || $userToWikiList{ $TWiki::defaultUserName } || $loginUser; # MRJC*

Add new internal tag:


*$_[0] =~ s/%FULL_NAME%/&handleEnvVariable('HTTP_FULLNAME')/geo;*

Edit.pl changes

Following code was added immeditately before the check for existence of the webname in main subroutine
    #if the person editing is not known, make them register
    if( $wikiUserName eq &TWiki::userToWikiName( $TWiki::defaultUserName ) ){
   #redirect to the TWiki registration page
        TWiki::redirect( $query, &TWiki::getViewUrl( $TWiki::twikiWebname, "TwikiRegistration") );
        return;
    }

    if( ! &TWiki::Store::webExists( $webName ) ) {

Register.pl changes - code added after parameters from HTML form are read

    $wikiName = &TWiki::Plugins::SiteMinderPlugin::wikiNameFromSiteMinderName();

Syntax Rules

Plugin Settings

  • One line description, is shown in the TextFormattingRules topic:
    • Set SHORTDESCRIPTION = Authenticate users with SiteMinder access control system.

Test cases

  • Variable %PERSONNELNO % value is '%PERSONNELNO%' - this should show your personnel number as derived from environment variable HTTP_PERSONNELNUMBER
  • Variable %FULL_NAME % value is '%FULL_NAME%' - this should show your full name, with names such as McDonald showing as Macdonald

Plugin Installation Instructions

  • Download the ZIP file from the Plugin web (see below)
  • Unzip ONLY SiteMinderPlugin.pm and TWikiRegistration.txt from SiteMinderPlugin.zip into your twiki installation directory. Content:                                                                                    
    File: Description:
    data/TWiki/SiteMinderPlugin.txt Plugin topic
    data/TWiki/TWikiRegistration.txt Updated registration page - Wiki name can no longer be set by user
    lib/TWiki/Plugins/SiteMinderPlugin.pm Plugin Perl module
    lib/TWiki/Twiki.pm = Contains hacks described above
    ==bin/edit.pl = Changes for redirect to registration page
    =bin/register.pl = Changes to remove choice of Wiki username from user
    ==data/TWiki/SiteMinderPlugin.txt These instructions

  • Once SiteMinderPlugin is in the Plugins directory, the documentation present and Twiki.pm has been updated, it will operate

Plugin Info

One Line Description: SiteMinder support
Plugin Author: MartinCleaver and friends
Plugin Version: 0.1
Change History: 1st Nov 2001: Added... Initial version
CPAN Dependencies: None
Other Dependencies: Siteminder installed
Perl Version:  
Plugin Home: http://TWiki.org/cgi-bin/view/Plugins/SiteMinderPlugin
Feedback: http://TWiki.org/cgi-bin/view/Plugins/SiteMinderPluginDev

Related Topics: SiteMinder

-- MartinCleaver - 01 Nov 2001

Its been brought to my attention that this plugin has gone significantly crusty. If you are using this plugin with the latest version I urge you to take ownership and upload a new version for the good of us all.

If noone comments by Nov 2004, and you are reading this topic, please recategorise this as an ObsoletePluginPackage.

-- MartinCleaver - 27 Feb 2004

Well, it's Jan 19, 2005 so since this came up in my search for data and it's now officially after Nov 2004 i'll change the classification to Obsolete.

-- BrentTokarchuk - 19 Jan 2005

Topic attachments
I Attachment History Action Size Date Who Comment
Compressed Zip archivezip SiteMinderPlugin.zip r1 manage 27.3 K 2001-12-29 - 00:23 MartinCleaver  
Perl source code filepl testsiteminder.pl r1 manage 0.9 K 2001-12-29 - 00:12 MartinCleaver  
Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r6 - 2005-01-19 - BrentTokarchuk
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.