SiteMinderPlugin
Background
Authentication via SiteMinder
We use SiteMinder for connecting TWiki to our corporate Intranet Login system.
The documents below are for SiteMinder. The particular piece we need to handle is to get TWiki to pick up HTTP_SM_USER instead of REMOTE_USER and have this select the user's WikiName.
From siteminder-agent-guide.pdf page 222:
As part of the Web application environment, the SiteMinder Agent submits default HTTP headers to the Web server, which in turn, makes them available for Web applications. You can use these headers to include functions and enable your Web applications to personalize content. Headers can store information such as a user name and the type of action a user is authorized to perform.
The Agent sends these headers regardless of whether they are called from a Web application; however, you can disable some of these headers so that they do not use up header space. For information about disabling headers, refer to Disabling Default HTTP Header Variables on page 224.
The following tables list the SiteMinder default HTTP headers for Web Agents and Affiliate Agents.
| HTTP_SM_USER | Login name of the authenticated user. |
The following extra files from the SiteMinder install directory are likely to be useful to you:
- C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\readme451.txt
- C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\siteminder-agent-guide.pdf
- C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\siteminder-customizing-dms.pdf
- C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\siteminder-installation-guide.pdf
- C:\Program Files\Netegrity\SiteMinder Web Agent\Docs\siteminder-nettl-description.pdf
Additionally, the testsiteminder.pl script, which could be placed in the bin directory, would also be of use when testing.
How to install this plugin
Integrates TWiki with SiteMinder to provide integrated authentication capabilities.
All TWiki user names are of the format FirstnameInitialLastname, compared with the SiteMinder user name format of firstname.initial.lastname.
HACK WARNING:
Owing to limitations of the plugin infrastructure, changes are also necessary to TWiki.pm. These are highlighted below:
At the top:
#added for use with SiteMinder
#use TWiki::SiteMinder;
In initialize subroutine:
$cgiQuery = $theQuery;
*##added for Siteminder integration*
*$ENV{'REMOTE_USER'} = &TWiki::Plugins::SiteMinderPlugin::setUpRemoteUser();*
In initializeremoteuser subroutine (after untaint line below):
$remoteUser = $1; # untaint variable
*#RJE - take from siteminder instead of REMOTE_USER*
*#must declare as SiteMinder is not initialised at this point in execution*
*use TWiki::Plugins::SiteMinderPlugin;*
*$remoteUser = &TWiki::Plugins::SiteMinderPlugin::setUpRemoteUser();*
In userToWikiName subroutine set $wUser as below:
*my $wUser = $userToWikiList{ $loginUser } || $userToWikiList{ $TWiki::defaultUserName } || $loginUser; # MRJC*
Add new internal tag:
*$_[0] =~ s/%FULL_NAME%/&handleEnvVariable('HTTP_FULLNAME')/geo;*
Edit.pl changes
The following code was added immediately before the check for existence of the webname in the main subroutine:
#if the person editing is not known, make them register
if( $wikiUserName eq &TWiki::userToWikiName( $TWiki::defaultUserName ) ){
#redirect to the TWiki registration page
TWiki::redirect( $query, &TWiki::getViewUrl( $TWiki::twikiWebname, "TwikiRegistration") );
return;
}
if( ! &TWiki::Store::webExists( $webName ) ) {
Register.pl changes - code added after parameters from HTML form are read
$wikiName = &TWiki::Plugins::SiteMinderPlugin::wikiNameFromSiteMinderName();
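The TWiki.pm change above assigns $remoteUser from the plugin after the untaint line, so the value read from HTTP_SM_USER gets no check unless the plugin does one itself. As an added example (not the plugin's own code; the helper name `wiki_name_from_sm_user`, the length limits and the sample logins are assumptions), this validates the login against the firstname.initial.lastname format and derives the FirstnameInitialLastname WikiName, rejecting anything else:

```perl
use strict;
use warnings;

# Hypothetical helper, not part of SiteMinderPlugin.pm: validate the login
# taken from HTTP_SM_USER and derive the WikiName from it.
# Assumed login format, per the page: firstname.initial.lastname
# (letters only; widen the character classes if your directory differs).
sub wiki_name_from_sm_user {
    my ($env) = @_;
    my $sm_user = $env->{HTTP_SM_USER};
    return unless defined $sm_user;

    # Anchored allow-list match; under taint mode the captures are untainted.
    # \z rather than $ so that a trailing newline is rejected as well.
    return
        unless $sm_user =~ /\A([A-Za-z]{1,40})\.([A-Za-z])\.([A-Za-z]{1,40})\z/;
    my ($first, $initial, $last) = ($1, $2, $3);

    # firstname.initial.lastname -> FirstnameInitialLastname
    return join '', map { ucfirst(lc($_)) } ($first, $initial, $last);
}

# Constructed sample environments (not real accounts or captured headers).
my @samples = (
    { HTTP_SM_USER => 'jane.q.public' },       # well-formed
    { HTTP_SM_USER => 'JOHN.A.SMITH' },        # case is normalised
    { HTTP_SM_USER => "jane.q.public\n" },     # trailing newline
    { HTTP_SM_USER => '../../etc/passwd' },    # not a login at all
    { HTTP_SM_USER => 'jane.public' },         # missing initial
    { REMOTE_USER  => 'jane.q.public' },       # SiteMinder header absent
);

for my $env (@samples) {
    my $raw = defined $env->{HTTP_SM_USER} ? $env->{HTTP_SM_USER} : '(absent)';
    $raw =~ s/\n/\\n/g;    # make the newline visible in the output
    my $wiki = wiki_name_from_sm_user($env);
    printf "%-20s => %s\n", $raw,
        defined $wiki ? $wiki : 'rejected (treat as guest)';
}
```

A format check says nothing about who set the header: HTTP_SM_USER is only meaningful on URLs where the SiteMinder Web Agent is enforcing authentication.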
Syntax Rules
Plugin Settings
- One line description, is shown in the TextFormattingRules topic:
- Set SHORTDESCRIPTION = Authenticate users with SiteMinder access control system.
Test cases
- Variable %PERSONNELNO % value is '%PERSONNELNO%' - this should show your personnel number as derived from environment variable HTTP_PERSONNELNUMBER
- Variable %FULL_NAME % value is '%FULL_NAME%' - this should show your full name, with names such as McDonald showing as Macdonald
Plugin Installation Instructions
- Download the ZIP file from the Plugin web (see below)
- Unzip ONLY SiteMinderPlugin.pm and TWikiRegistration.txt from SiteMinderPlugin.zip into your TWiki installation directory. Content:
| File: | Description: |
| data/TWiki/SiteMinderPlugin.txt | Plugin topic |
| data/TWiki/TWikiRegistration.txt | Updated registration page - Wiki name can no longer be set by user |
| lib/TWiki/Plugins/SiteMinderPlugin.pm | Plugin Perl module |
| lib/TWiki/Twiki.pm | Contains hacks described above |
| bin/edit.pl | Changes for redirect to registration page |
| bin/register.pl | Changes to remove choice of Wiki username from user |
| data/TWiki/SiteMinderPlugin.txt | These instructions |
- Once SiteMinderPlugin is in the Plugins directory, the documentation is present and Twiki.pm has been updated, it will operate.
Plugin Info
Related Topics: SiteMinder
-- MartinCleaver - 01 Nov 2001
It's been brought to my attention that this plugin has gone significantly crusty. If you are using this plugin with the latest version I urge you to take ownership and upload a new version for the good of us all.
If no one comments by Nov 2004, and you are reading this topic, please recategorise this as an ObsoletePluginPackage.
-- MartinCleaver - 27 Feb 2004
Well, it's Jan 19, 2005 so since this came up in my search for data and it's now officially after Nov 2004 I'll change the classification to Obsolete.
-- BrentTokarchuk - 19 Jan 2005