Page History

...

shrine {

...

}
... 
shrine.config.authorizer.requireAuthorization = "true"
shrine.webclient.ssoLogoutUrl = "https://<your hostname>/shrine-api/authorizer/logout"
shrine.config.authorizer.shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=<return URL provided by your idP>"
// shrine.webclient.unauthorizedMessage = "Enter your message"

Unauthorized Message:

The default unauthorized message is as follows and currently baked into the code: "You currently do not have access to SHRINE. Please contact your institution's SHRINE administrator for more information." 

(Optional) The unauthorized message can be tailored to your needs in shrine.conf by uncommenting and updating the following line:

 // shrine.webclient.unauthorizedMessage = "Enter your message"

...

Phase 2: Making an authorization decision based on the attributes collected in Phase 1

After the configuration items indicated above, the config file, shrine.conf, also needs a configuration called 'shrine.config.authorizer'.

The authorization system works with any number of individually configured (Phase 1) attribute providers, each of which can generate attributes.  Further, a single (Phase 2) authorization provider, must also configured here, be configured. The authorization provider will determine, based on the collected attributes, whether the user is authorized or not.After the configuration items indicated above, the config file, shrine.conf, also needs a configuration called 'shrine.config.authorizer', of the following form: 

The following configuration pattern is used to integrate attribute providers with the authorization provider. The system currently comes with 3 available AttributeProviders and 3 available Authorizers (only one of which must appear in the configuration), ready to be used. If you want to create your own providers, this requires a bit more legwork than can easily be described here. Contacting us would be the best option.

...