Authentication plugin for AjaXplorer
Tags: intermediate
, file
, manager
, primo
Last Updated: Nov 17, 2010 17:26
- Description
This is an authentication plugin for AjaXplorer. It allows authentication against Primo's Back Office user database and can provide access to e.g. Primo's user interface files (html, css, images etc.). It can also create institution-specific repository paths dynamically.We use this mechanism to avoid the need to manage shell accounts for the administrators. AjaXplorer has some very nice features such as integration with CKEditor to provide wysiwyg html editing capabilities.
In addition to the AjaXplorer plugin, a cgi script providing the user verification is used in Primo's end. Both pieces are semi-generic and could be easily adapted for other purposes too.
- Author: Ere Maijala
- Additional author(s):
- Institution: None
- Year: 2010
- License (Remote auth cgi script): MPL 1.1 / GPL 2.0
- Short description: Use, modification and distribution of the code are permitted provided the copyright notice, list of conditions and disclaimer appear in all related material.
- Link to terms: MPL 1.1, GPL 2.0
- License (AjaXplorer plugin): LGPL 2.0
- Short description: Use, modification and distribution of the code are permitted provided the copyright notice, list of conditions and disclaimer appear in all related material.
- Link to terms: LGPL 2.1
- Skill required for using this code: intermediate
- State
- Programming language
- Software requirements
- Screen captures
- Author(s) homepage
- Download
- Using the following Ex Libris open interfaces
- Changes
- Release notes
- Installation Instructions
- Install the CGI Script
- Install the Authentication Plugin
- Configure Authentication
- Setup Static Repositories
- TO DO list
- Known issues
- Comments
State
Stable
Programming language
PHP and Perl
Software requirements
- Primo 3
- AjaXplorer 3.03 or newer (http://www.ajaxplorer.info/)
- Requires Apache with PHP support
- AjaXplorer needs to have access to directories to be managed (i.e. the user Apache is running as needs to be able to access them, including write access to writable repositories)
Screen captures
 |
Author(s) homepage
http://www.nationallibrary.fi/
Download
remote_auth.cgi
class.remote_httpAuthDriver.php
manifest.xml
Using the following Ex Libris open interfaces
-
Changes
Version 1.0 11 nov 2010
- Initial release
Release notes
In AjaXplorer the user's permissions are determined according to the user role in Primo Back Office. Primo superadmin gets administrator permissions in AjaXplorer, admin and view manager get normal user permissions and other users cannot log in to AjaXplorer.
Installation Instructions
The basic AjaXplorer installation is not described here. Follow its own installation instructions and test that it works standalone before proceeding.
Install the CGI Script
Where the cgi script resides is not important. We have it under Primo's own Apache server, but it could be any other web server with cgi script support (e.g. the one that AjaXplorer runs in). These instructions assume that Primo's Apache is used. Just make sure that environment variables ORA_HOST, ORACLE_SID and ORA_USER_PREFIX are set, or replace them in the script with correct values.
- Create cgi-bin directory under /exlibris/primo/p3_x/primoe/apache (if it doesn't exist yet)
- Copy remote_auth.cgi to /exlibris/primo/p3_x/primoe/apache/cgi-bin
- Make it executable (chmod +x remote_auth.cgi)
- Verify that the script works by accessing it via the browser (e.g. http://server:8991/cgi-bin/remote_auth.cgi). It should return "unauthorized".
- If the web server is widely accessible, secure the access to remote_auth.cgi to avoid the possibility of attacks e.g. by adding the following to a suitable position, such as after all Directory specifications, in Apache httpd.conf (replace 127.0.0.1 with the proper address if AjaXplorer is on another server):
Install the Authentication Plugin
- Under AjaXplorer's plugins directory, create directory auth.remote_http
- Copy class.remote_httpAuthDriver.php and manifest.xml to the directory
Configure Authentication
- Add the following settings to AjaXplorer's server/conf/conf.php in the PLUGINS array:
- Modify the options as necessary
Option Description REMOTE_SERVER Address of the server hosting remote_auth.cgi REMOTE_PORT TCP Port of the server REMOTE_PATH Absolute path to remote_auth.cgi USERS_FILEPATH The path to the user registry file AUTOCREATE_AJXPUSER Always true TRANSMIT_CLEAR_PASS Always true DYNAMIC_REPO_BASE Path used to create dynamically institution-specific repositories according to users' institutions. E.g. if DYNAMIC_REPO_BASE is /primo_ui/ and user's institution is INST1, repository INST1 is created in /primo_ui/INST1. If you don't want the plugin to create any dynamic repositories, set DYNAMIC_REPO_BASE to empty.
Setup Static Repositories
You can setup the normal repositories in AjaXplorer settings after logging in with a superadmin account. We have the default Primo UI as a read-only repository for all users with the following configuration using the FS driver:
Path: /exlibris/primo/p3_1/ng/primo/home/system/thirdparty/openserver/server/search/deploy/primo_library-app.ear/primo_library-libweb.war
Create: No
Default Rights: r
Character Encoding : (leave empty)
We also give read-only access to everyone's files so that ideas and examples can be shared and reused:
Path: /primo_ui
Create: No
Default Rights: r
Character Encoding : (leave empty)
TO DO list
- Could, maybe, include some local user management capabilities in the plugin.
Known issues
-
Comments
Please comment or feel free to email me at ere.maijala at helsinki.fi if you encounter any issues.