SHRINE 4.1.0 Appendix A.9 - Starting and Stopping the Software
If you want to use authorization, you'll have to add at least the following configuration to shrine.conf, after the shrine block:
shrine {
  ...
}
First this:
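// Authorization settings for shrine.conf, placed after the closing brace of the
// main `shrine { ... }` block. Every key is written with its full path.

// Select SSO as the authentication type for the query entry point.
shrine.queryEntryPoint.authenticationType = "sso"
shrine.webclient.ssoLogoutUrl = "https://<your hostname>/shrine-api/authorizer/logout"

// NOTE(review): shibLogoutUrl is assigned again inside the
// `shrine.config.authorizer` object below. In HOCON the later assignment wins,
// so keep the two values identical or delete one of them.
shrine.config.authorizer.shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=<return url provided by your idP provider>"

// Turns the authorizer check on. NOTE(review): the value is a quoted string
// here; confirm SHRINE reads it as a boolean, and verify after deployment that
// a user who fails the authorizer is actually sent to unauthorizedUrl.
shrine.config.authorizer.requireAuthorization = "true"

// comes from reference.conf. You can override it here:
// shrine.webclient.unauthorizedMessage = "You currently do not have access to SHRINE. Please contact your institution's SHRINE administrator for more information."

shrine.config.authorizer : {
  unauthorizedUrl = "/shrine-api/shrine-webclient?isAuth=false"

  // Site-specific sample: the return target is one institution's ADFS sign-out
  // endpoint. Replace it with the logout URL of your own IdP.
  shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=https://sso.med.harvard.edu/adfs/ls/?wa=wsignout1.0"

  // Attribute providers supply the attributes the authorizer decides on.
  // Each provider's `name` is the prefix used when its attributes are
  // referenced (see the regexTerms in the alternate authorizer example).
  attributeProviders : [
    {
      class = net.shrine.authz.providerService.attributes.WhiteBlackListAttrProvider
      name = wb-list,
      // DB config here should correspond to tomcat's Resource in its context.xml
      database: {
        dataSourceFrom = "JNDI"
        jndiDataSourceName = "java:comp/env/jdbc/blackWhiteTableDB"
        timeout = "30 seconds"
        createTablesOnStart = false
      }
    }
    {
      // Looks up attributes from an external HTTPS endpoint; the
      // userIdPlaceHolder token in `url` marks where the user id goes.
      // The URL is a site-specific sample: point it at your own directory
      // service. NOTE(review): how the endpoint's certificate is validated
      // and how a failed lookup affects the decision are not shown on this
      // page; confirm that a lookup failure does not grant access.
      class = net.shrine.authz.providerService.attributes.EndpointAttrProvider
      name = profiles_faculty_type_and_id
      url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation"
      userIdPlaceHolder="{userId}"
      attributeRegexes : [
        {
          name = "person-id"
          regex = "PersonID=\"([0-9]+)\""
        }
        {
          name = "faculty_type"
          regex = "<Affiliation Primary=\"true\">.*?FacultyTypeSort=\"(.)\""
        }
      ]
    }
    {
      // Same endpoint as above, with a capture-all regex. Keep this provider
      // only if an authorizer actually uses the `everything` attribute; it
      // exposes the matched response text as a single attribute.
      class = net.shrine.authz.providerService.attributes.EndpointAttrProvider
      name = profiles_everything
      url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation"
      userIdPlaceHolder="{userId}"
      attributeRegexes : [
        {
          name = "everything"
          regex = "(.+)"
        }
      ]
    }
    {
      // Takes identity attributes from request headers. These values are
      // trusted as-is, so they must only ever be set by the SSO front end:
      // make sure Tomcat is reachable solely through that front end, and that
      // the front end discards any client-supplied headers with these names.
      class = net.shrine.authz.providerService.attributes.RequestHeadersAttrProvider
      name = headers,
      headerNames : [
        AJP_userId
        AJP_email
        AJP_firstName
        AJP_lastName
      ]
    }
  ],

  // Exactly one `authorizer` object may be active. HOCON merges duplicate
  // keys and lets the later value win, so a second uncommented `authorizer`
  // would silently replace the class named here.
  authorizer : {
    name : net.shrine.authz.providerService.authorize.HmsAuthorizer
  }

  ////////////////////////////////////////////////////////////
  // example of an alternate authorizer: RegexAuthorizer
  //
  // Left commented out so it cannot override the authorizer above. To use it,
  // uncomment this block and remove the `authorizer` object above.
  // NOTE(review): how the terms are combined and what the leading "!" means
  // are not documented on this page; confirm against the RegexAuthorizer
  // documentation. "fp77" looks like one specific user id; replace it with
  // your own value.
  ////////////////////////////////////////////////////////////
  // authorizer : {
  //   name : net.shrine.authz.providerService.examples.RegexAuthorizer
  //   regexTerms : [
  //     "wb-list.isBlack.false"
  //     "(wb-list.isWhite.true)|(profiles_faculty_type_and_id.faculty_type.[0-4])"
  //     "!(fp77)"
  //   ]
  // }
}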