PAPI Archivos

The PAPI authentication and authorization framework


Opciones: Vista Forum

Use Monospaced Font
Por defecto enseñar Text Part
Mostrar todas las cabeceras de correo

Mensaje: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Tema: [<< Primero] [< Prev] [Siguiente >] [Último >>]
Autor: [<< Primero] [< Prev] [Siguiente >] [Último >>]

Print Responder
"Diego R. Lopez" <[log in para visualizar]>
Reply To:
The PAPI authentication and authorization framework <[log in para visualizar]>
Mon, 10 Apr 2006 10:48:28 +0200
text/plain (74 lines)
Hi Romain,

Romain Dupre wrote:
> Thanks for your answer, i changed the configuration.
> But i had another problem to access the php protected page, so i searched 
> into PoA.php. 
> . . .
> test_Lcook() Function. php_protect: Location parameter of Lcook is not 
> valid.
> I do have a lot of work...

You are pretty right. The explode() usage that you describe is only
applicable to PHP4 and not to PHP5. I'm afraid that, when we made the
4 and 5 versions converge (they were separated some time ago) we made
the PHP4 override a compatible version... Now is corrected (I'm
attaching a correct version just in case you want to check it).
The CVS is now holding what will become soon phpPoA 2.0, with a simpler
interface, so we have no intention of opening new branches for 1.x.

> -How can i see all the protected sites under my GPoA on the accept page?

The only way to do so is by means of a list you deal independently with.
The AS only knows about the GPoA site, so there is no way that any PAPI
component make available extra information.
Bear in mind that the PoA/GPoA model is precisely intended to decouple
ASes and PoAs, so it is posible to deploy them in an independent manner.

>    ->Maybe i can link, for each PoA, a specific page on the GPoA and then 
> this page redirects me to the good PoA.

Could be an idea, but remember this is not part of the PAPI software.

> -If i allow the access to user X for a GPoA, user X can access all the 
> PoAs under this GPoA, isn't it?

Not necessarily. The GPoA sends individual assertions to each PoA under
it (you can differentiate them with the GPoA_Rewrite directive).
Each individual PoA can restrict access to the appropriate users by
means of the PAPI_Filter directive, and its corresponding equivalent
in phpPoA.

> -I am going to see how to automaticaly redirects a user to the AS without 
> doing anything from a simple PoA or a PoA under a GPoA(with WAYF, i 
> think). Do you think it is possible to have a primary AS and redirects 
> automaticaly a user to a secondary AS if this primary is down (also with 
> WAYF)?

In principle yes: The only constraint imposed on a WAYF is that it must
comply to the WAYF interface that defines the way in which it receives
the data from the PoA, and the way in which it has to redirect the user
browser to the selected AS (described in the section on the WAYF
interface in the documentation). Apart from that, your WAYF may perform
any procedures you wish.

Hope this helps.

Best regards,

"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez - RedIRIS
The Spanish NREN

e-mail: [log in para visualizar]
jid:    [log in para visualizar]
Tel:    +34 955 056 621
Mobile: +34 669 898 094