Next Step:
SHRINE 4.1.0 Appendix A.9 - Starting and Stopping the Software
If you want to use authorization, you'll have to at least add for the the following configuration to shrine.conf after the shrine block:
shrine { ... }
First this:
shrine.queryEntryPoint.authenticationType = "sso" shrine.webclient.ssoLogoutUrl = "https://<your hostname>/shrine-api/authorizer/logout" shrine.config.authorizer.shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=<return url provided by your idP provider>" shrine.config.authorizer.requireAuthorization = "true" // comes from reference.conf. You can override it here: // shrine.webclient.unauthorizedMessage = "You currently do not have access to SHRINE. Please contact your institution's SHRINE administrator for more information."
shrine.queryEntryPoint.authenticationType = "sso" shrine.webclient.ssoLogoutUrl = "https://<your hostname>/shrine-api/authorizer/logout" shrine.config.authorizer.shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=https://sso.med.harvard.edu/adfs/ls/?wa=wsignout1.0" shrine.webclient.sessionTimeout = "30 minutes" shrine.config.authorizer.requireAuthorization = "true" // comes from reference.conf // shrine.webclient.unauthorizedMessage = "You currently do not have access to SHRINE. Please contact your institution's SHRINE administrator for more information." shrine.config.authorizer : { unauthorizedUrl = "/shrine-api/shrine-webclient?isAuth=false" shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=https://sso.med.harvard.edu/adfs/ls/?wa=wsignout1.0" attributeProviders : [ { class = net.shrine.authz.providerService.attributes.WhiteBlackListAttrProvider name = wb-list, // DB config here should correspond to tomcat's Resource in its context.xml database: { dataSourceFrom = "JNDI" jndiDataSourceName = "java:comp/env/jdbc/blackWhiteTableDB" timeout = "30 seconds" createTablesOnStart = false } } { class = net.shrine.authz.providerService.attributes.EndpointAttrProvider name = profiles_faculty_type_and_id url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation" userIdPlaceHolder="{userId}" attributeRegexes : [ { name = "person-id" regex = "PersonID=\"([0-9]+)\"" } { name = "faculty_type" regex = "<Affiliation Primary=\"true\">.*?FacultyTypeSort=\"(.)\"" } ] } { class = net.shrine.authz.providerService.attributes.EndpointAttrProvider name = profiles_everything url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation" userIdPlaceHolder="{userId}" attributeRegexes : [ { name = "everything" regex = "(.+)" } ] } { class = net.shrine.authz.providerService.attributes.RequestHeadersAttrProvider name = headers, headerNames : [ AJP_userId AJP_email AJP_firstName AJP_lastName ] } ], authorizer : { name : net.shrine.authz.providerService.authorize.HmsAuthorizer } //////////////////////////////////////////////////////////// // example of an alternate authorizer: RegexAuthorizer // //////////////////////////////////////////////////////////// authorizer : { name : net.shrine.authz.providerService.examples.RegexAuthorizer regexTerms : [ "wb-list.isBlack.false" "(wb-list.isWhite.true)|(profiles_faculty_type_and_id.faculty_type.[0-4])" "!(fp77)" ] } }
Overview
Content Tools