Next Step:
SHRINE 4.1.0 Appendix A.9 - Starting and Stopping the Software
If you want to use authorization, you'll have to at least add for the the following configuration to shrine.conf after the shrine block:
shrine {
...
}
First this:
shrine.queryEntryPoint.authenticationType = "sso" shrine.webclient.ssoLogoutUrl = "https://<your hostname>/shrine-api/authorizer/logout" shrine.config.authorizer.shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=<return url provided by your idP provider>" shrine.config.authorizer.requireAuthorization = "true" // comes from reference.conf. You can override it here: // shrine.webclient.unauthorizedMessage = "You currently do not have access to SHRINE. Please contact your institution's SHRINE administrator for more information."
shrine.queryEntryPoint.authenticationType = "sso"
shrine.webclient.ssoLogoutUrl = "https://<your hostname>/shrine-api/authorizer/logout"
shrine.config.authorizer.shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=https://sso.med.harvard.edu/adfs/ls/?wa=wsignout1.0"
shrine.webclient.sessionTimeout = "30 minutes"
shrine.config.authorizer.requireAuthorization = "true"
// comes from reference.conf
// shrine.webclient.unauthorizedMessage = "You currently do not have access to SHRINE. Please contact your institution's SHRINE administrator for more information."
shrine.config.authorizer : {
unauthorizedUrl = "/shrine-api/shrine-webclient?isAuth=false"
shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=https://sso.med.harvard.edu/adfs/ls/?wa=wsignout1.0"
attributeProviders :
[
{
class = net.shrine.authz.providerService.attributes.WhiteBlackListAttrProvider
name = wb-list,
// DB config here should correspond to tomcat's Resource in its context.xml
database: {
dataSourceFrom = "JNDI"
jndiDataSourceName = "java:comp/env/jdbc/blackWhiteTableDB"
timeout = "30 seconds"
createTablesOnStart = false
}
}
{
class = net.shrine.authz.providerService.attributes.EndpointAttrProvider
name = profiles_faculty_type_and_id
url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation"
userIdPlaceHolder="{userId}"
attributeRegexes : [
{
name = "person-id"
regex = "PersonID=\"([0-9]+)\""
}
{
name = "faculty_type"
regex = "<Affiliation Primary=\"true\">.*?FacultyTypeSort=\"(.)\""
}
]
}
{
class = net.shrine.authz.providerService.attributes.EndpointAttrProvider
name = profiles_everything
url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation"
userIdPlaceHolder="{userId}"
attributeRegexes : [
{
name = "everything"
regex = "(.+)"
}
]
}
{
class = net.shrine.authz.providerService.attributes.RequestHeadersAttrProvider
name = headers,
headerNames :
[
AJP_userId
AJP_email
AJP_firstName
AJP_lastName
]
}
],
authorizer : {
name : net.shrine.authz.providerService.authorize.HmsAuthorizer
}
////////////////////////////////////////////////////////////
// example of an alternate authorizer: RegexAuthorizer //
////////////////////////////////////////////////////////////
authorizer : {
name : net.shrine.authz.providerService.examples.RegexAuthorizer
regexTerms :
[
"wb-list.isBlack.false"
"(wb-list.isWhite.true)|(profiles_faculty_type_and_id.faculty_type.[0-4])"
"!(fp77)"
]
}
}
Overview
Content Tools