Next Step:
SHRINE 4.1.0 Appendix A.9 - Starting and Stopping the Software
If you want to use authorization, you must add at least the following configuration to shrine.conf, after the shrine block:
shrine { ... }
First this:
// Minimum settings for SSO-based authorization. Place them after the shrine { ... } block.

// Sets the query entry point's authentication type to "sso".
shrine.queryEntryPoint.authenticationType = "sso"

// Logout URL used by the web client; replace <your hostname> with this node's host name.
shrine.webclient.ssoLogoutUrl = "https://<your hostname>/shrine-api/authorizer/logout"

// Shibboleth logout endpoint. The `return` parameter is a redirect target, so set it to the
// fixed URL your IdP gives you rather than anything derived from a request.
shrine.config.authorizer.shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=<return url provided by your idP provider>"

// Turns the authorization check on.
// NOTE(review): the value is the quoted string "true", not a bare boolean - confirm it is read as a boolean.
shrine.config.authorizer.requireAuthorization = "true"

// comes from reference.conf. You can override it here:
// shrine.webclient.unauthorizedMessage = "You currently do not have access to SHRINE. Please contact your institution's SHRINE administrator for more information."
shrine.config.authorizer : { unauthorizedUrl = "/shrine-api/shrine-webclient?isAuth=false" shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=https://sso.med.harvard.edu/adfs/ls/?wa=wsignout1.0" attributeProviders : [ { class = net.shrine.authz.providerService.attributes.WhiteBlackListAttrProvider name = wb-list, // DB config here should correspond to tomcat's Resource in its context.xml database: { dataSourceFrom = "JNDI" jndiDataSourceName = "java:comp/env/jdbc/blackWhiteTableDB" timeout = "30 seconds" createTablesOnStart = false } } { class = net.shrine.authz.providerService.attributes.EndpointAttrProvider name = profiles_faculty_type_and_id url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation" userIdPlaceHolder="{userId}" attributeRegexes : [ { name = "person-id" regex = "PersonID=\"([0-9]+)\"" } { name = "faculty_type" regex = "<Affiliation Primary=\"true\">.*?FacultyTypeSort=\"(.)\"" } ] } { class = net.shrine.authz.providerService.attributes.EndpointAttrProvider name = profiles_everything url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation" userIdPlaceHolder="{userId}" attributeRegexes : [ { name = "everything" regex = "(.+)" } ] } { class = net.shrine.authz.providerService.attributes.RequestHeadersAttrProvider name = headers, headerNames : [ AJP_userId AJP_email AJP_firstName AJP_lastName ] } ], authorizer : { name : net.shrine.authz.providerService.authorize.HmsAuthorizer } //////////////////////////////////////////////////////////// // example of an alternate authorizer: RegexAuthorizer // //////////////////////////////////////////////////////////// authorizer : { name : net.shrine.authz.providerService.examples.RegexAuthorizer regexTerms : [ "wb-list.isBlack.false" "(wb-list.isWhite.true)|(profiles_faculty_type_and_id.faculty_type.[0-4])" "!(fp77)" ] } }
// Example authorizer configuration: a list of attribute providers plus the authorizer class to run.
// The host names, URLs and class choices below are site-specific (Harvard) examples - replace them
// with values for your own institution.
shrine.config.authorizer : {
  // Relative web-client URL carrying isAuth=false; presumably where a user who fails authorization
  // is sent - confirm.
  unauthorizedUrl = "/shrine-api/shrine-webclient?isAuth=false"
  // Shibboleth logout with an ADFS sign-out endpoint as the return target. Replace both
  // <your hostname> and the return URL with the ones for your own IdP. If this key is also set
  // elsewhere in shrine.conf, the later definition wins.
  shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=https://sso.med.harvard.edu/adfs/ls/?wa=wsignout1.0"
  // Each entry names a provider class and a `name`; the regexTerms in the RegexAuthorizer example
  // further down refer to attributes by that name (e.g. wb-list.isWhite).
  attributeProviders :
  [
    {
      // Allow/deny-list provider backed by a database table.
      class = net.shrine.authz.providerService.attributes.WhiteBlackListAttrProvider
      name = wb-list,
      // DB config here should correspond to tomcat's Resource in its context.xml
      database: {
        dataSourceFrom = "JNDI"
        jndiDataSourceName = "java:comp/env/jdbc/blackWhiteTableDB"
        timeout = "30 seconds"
        // presumably the tables must already exist when this is false - confirm
        createTablesOnStart = false
      }
    }
    {
      // Looks up the user at an external HTTP endpoint and extracts attributes from the response
      // with the regexes below.
      // NOTE(review): the user id is substituted into the request path of an external service;
      // confirm the provider URL-encodes it and that it comes from the IdP-asserted identity
      // rather than client-controlled input.
      class = net.shrine.authz.providerService.attributes.EndpointAttrProvider
      name = profiles_faculty_type_and_id
      url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation"
      // Token in `url` that is replaced with the user's id.
      userIdPlaceHolder="{userId}"
      attributeRegexes : [
        {
          // Captures the digits of the PersonID="..." attribute.
          name = "person-id"
          regex = "PersonID=\"([0-9]+)\""
        }
        {
          // Captures the single character of FacultyTypeSort="..." following the primary
          // Affiliation element.
          name = "faculty_type"
          regex = "<Affiliation Primary=\"true\">.*?FacultyTypeSort=\"(.)\""
        }
      ]
    }
    {
      // Same endpoint as above, but with a single catch-all capture.
      // NOTE(review): looks like a debugging aid - consider dropping it in production so whole
      // profile responses are not carried around as a user attribute.
      class = net.shrine.authz.providerService.attributes.EndpointAttrProvider
      name = profiles_everything
      url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation"
      userIdPlaceHolder="{userId}"
      attributeRegexes : [
        {
          name = "everything"
          regex = "(.+)"
        }
      ]
    }
    {
      // Exposes the listed request headers as attributes.
      // NOTE(review): these values are only as trustworthy as the path that sets them. Check that
      // only the Shibboleth/Apache front end can populate them, that client-supplied headers with
      // the same names are discarded, and that Tomcat's AJP connector accepts connections only
      // from that front end.
      class = net.shrine.authz.providerService.attributes.RequestHeadersAttrProvider
      name = headers,
      headerNames :
      [
        AJP_userId
        AJP_email
        AJP_firstName
        AJP_lastName
      ]
    }
  ],
  // Authorizer class that makes the decision. HmsAuthorizer looks Harvard-specific - confirm it
  // fits your site before using it.
  authorizer : {
    name : net.shrine.authz.providerService.authorize.HmsAuthorizer
  }
  ////////////////////////////////////////////////////////////
  // example of an alternate authorizer: RegexAuthorizer //
  ////////////////////////////////////////////////////////////
  // NOTE(review): this second `authorizer` key sits at the same level as the one above. HOCON
  // merges duplicate object keys and the later field wins, so with both blocks present `name`
  // resolves to RegexAuthorizer. Keep only the authorizer you intend to run and delete or comment
  // out the other.
  authorizer : {
    name : net.shrine.authz.providerService.examples.RegexAuthorizer
    // Terms appear to take the form <provider name>.<attribute>.<value pattern>.
    // presumably every term must hold for access to be granted - verify against the
    // RegexAuthorizer source before relying on it.
    regexTerms :
    [
      "wb-list.isBlack.false"
      "(wb-list.isWhite.true)|(profiles_faculty_type_and_id.faculty_type.[0-4])"
      // appears to exclude one specific value (possibly a user id) - confirm and replace with
      // your own
      "!(fp77)"
    ]
  }
}