ELMS integrated user verification in PHP / 2007-11-12

Work decided to change the distribution of MSDN-AA software (MSDN Academic Alliance) to a system where we verify whether a person is authorized to access the download and e-academy does the rest using ELMS (e-academy License Management System). This requires some setup in the webserver, and the documentation from e-academy wasn't very clear (a whole stack of paper with lots of bits explained, but a simple explanation was hard to find). But with the sample pseudocode in the documentation I managed to build something. Checking usernames and passwords is left to the webserver (quite good at that bit); initializing user data and validating the session is done in PHP, after which control is returned to the e-academy server. I also added an error page especially for this script, explaining which username/password to use.

I decided to throw the results online so others can borrow from the sample and implement their own. Directly copying the sample will never work as a lot of the data is really local.

Webserver config

The ELMS system insists on a secure webserver with https:// URLs. We insist on that too for anything which asks for usernames and passwords, so that matches nicely.

The webserver is configured to require authentication on the verification URL. I could do this with a login form in PHP, but the webserver is configured for LDAP queries anyway, so I copied that bit.

# for msdnaa verification

        AuthName "Informatica medewerkers en studenten"
        AuthType Basic
        AuthLDAPURL ldap://ldap.cs.uu.nl:389/dc=cs,dc=uu,dc=nl?uid
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        require valid-user
        ErrorDocument 401 /msdnaa/error.php

The PHP script verify.php just checks carefully whether it is called with the right parameters and with an authenticated user. It then queries LDAP for the user data and makes the callback to the e-academy server to validate the session and set the user data.

When all that goes well and e-academy shows no error, the user is redirected back to the e-academy server (the user never sees a page from our server when all goes well).
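One way the "checks carefully" step of verify.php could look, as an added example rather than the script from this post. The parameter names `token` and `return_url`, the token format and the host `elms.example.com` are assumptions, not taken from the e-academy documentation; the LDAP lookup and the callback are left out.

```php
<?php
// Added example. ASSUMPTIONS: the parameter names (token, return_url), the
// token format and the vendor host are placeholders, not from the ELMS docs.
const VENDOR_HOST = 'elms.example.com';

// Returns [uid, token, return_url]; throws if anything is unexpected.
function check_request(array $server, array $get): array
{
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        throw new RuntimeException('not called over https');
    }
    // REMOTE_USER is set by the webserver after Basic auth succeeded.
    // Strict pattern because the uid later goes into an LDAP filter.
    $uid = $server['REMOTE_USER'] ?? '';
    if (!preg_match('/^[a-z][a-z0-9_-]{0,31}$/', $uid)) {
        throw new RuntimeException('no authenticated user');
    }
    $token = $get['token'] ?? '';
    if (!is_string($token) || !preg_match('/^[A-Za-z0-9-]{8,128}$/', $token)) {
        throw new RuntimeException('bad token');
    }
    // Only ever redirect back to the vendor, never to an arbitrary URL.
    $return = $get['return_url'] ?? '';
    $u = is_string($return) ? parse_url($return) : false;
    if (!is_array($u) || ($u['scheme'] ?? '') !== 'https'
        || strtolower($u['host'] ?? '') !== VENDOR_HOST
        || isset($u['user']) || isset($u['pass'])) {
        throw new RuntimeException('bad return_url');
    }
    return [$uid, $token, $return];
}

// Constructed sample requests: one well-formed, three that must be refused.
$https = ['HTTPS' => 'on', 'REMOTE_USER' => 'jdoe'];
$ok = ['token' => 'A1B2C3D4-0000', 'return_url' => 'https://elms.example.com/done'];
$cases = [
    'valid'          => [$https, $ok],
    'no auth'        => [['HTTPS' => 'on'], $ok],
    'wildcard uid'   => [['HTTPS' => 'on', 'REMOTE_USER' => 'jdoe*'], $ok],
    'foreign return' => [$https, ['return_url' => 'https://other.example/x'] + $ok],
];
foreach ($cases as $name => [$server, $get]) {
    try {
        [$uid] = check_request($server, $get);
        echo "$name: accepted for $uid\n";
    } catch (RuntimeException $e) {
        echo "$name: refused ({$e->getMessage()})\n";
    }
}
```

Only the first constructed request is accepted; the uid pattern and the host allowlist would need adjusting to the local LDAP naming scheme and the real e-academy hostname.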

My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.