<div dir="ltr">Hey Andreas! Is this a fix which should be in ownCloud itself? If so, it would be cool if you could look into changing the code and issuing a pull request on Github to <a href="http://github.com/owncloud/core">http://github.com/owncloud/core</a><div>
<br></div><div>Cheers!</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Mar 20, 2013 at 1:30 PM, Andreas Ergenzinger <span dir="ltr"><<a href="mailto:Andreas.Ergenzinger@uni-konstanz.de" target="_blank">Andreas.Ergenzinger@uni-konstanz.de</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
I've found a (rather obvious) solution to my own problem. As a short recap, I need to access a php page in my app's subdirectory, which is usually prevented by the rewrite rules in ownclouds .htaccess file. Adding the line "RewriteRule ^apps/user_shibboleth/login.php - [L]" before the existing "RewriteRule ^apps/([^/]*)/(.*\.(css|php))$ index.php?app=$1&getfile=$2 [QSA,L]", solved the problem, as it prevented the second rule from being applied. However, a major drawback of this approach was the changes to the .htacces file might be undone by an update of ownCloud.<br>
<br>
It turns out that I only had to modify this solution slightly, to make the required changes durable. Moving the custom rewrite rule from the .htaccess file to a location directive for the /owncloud location was all that was necessary. On a standard Apache installation the new rule is processed before any rules in .htaccess and you don't even need a "RewriteOptions inherit" statement.<br>
<br>
Maybe this will be useful for somebody else.<br>
<br>
Cheers,<br>
Andreas<br>
<br>
<br>
On Thursday, January 24, 2013 14:47 CET, "Andreas Ergenzinger" <<a href="mailto:Andreas.Ergenzinger@uni-konstanz.de">Andreas.Ergenzinger@uni-konstanz.de</a>> wrote:<br>
<br>
><br>
> On Thursday, January 24, 2013 13:39 CET, Marcel Waldvogel <<a href="mailto:marcel.waldvogel@uni-konstanz.de">marcel.waldvogel@uni-konstanz.de</a>> wrote:<br>
><br>
> > I guess Andreas means something different with "lazy", namely that no login dialog is presented, if the user is already logged in with Shibboleth, but the login happens directly. Is this correct?<br>
><br>
> No. Lazy authentication means that the webserver always grants access to a location, such as the owncloud directory, even to users who have not authenticated at their Identity Provider, yet. This only makes sense in combination with web applications, that have their own session management. Such applications can identify remotely authenticated users and assign them to a newly-created session.<br>
><br>
> Compared to regular Shibboleth authentication, the big advantage of the lazy variant is full compatibility with existing authorization mechanisms that rely on OC's login form.<br>
><br>
> I think, for now, I will add a rewrite rule to the .htaccess file, that permits access to my forwarding page. If you know a less intrusive solution, then please let me know.<br>
><br>
> Andreas<br>
><br>
><br>
> ><br>
> > Beste Grüsse,<br>
> > -Marcel Waldvogel<br>
> ><br>
> > Am 23.01.2013 um 16:40 schrieb Tornóci László <<a href="mailto:tornoci.laszlo@med.semmelweis-univ.hu">tornoci.laszlo@med.semmelweis-univ.hu</a>>:<br>
> ><br>
> > > On 01/23/2013 03:32 PM, Andreas Ergenzinger wrote:<br>
> > >> Hello,<br>
> > >><br>
> > >> I am working on an app that is supposed to allow lazy Shibboleth<br>
> > >> authentication [1] in ownCloud, using the Shibboleth Service Provider<br>
> > >> (SP) [2]. For this to work, I need a page where I can access<br>
> > >> environment variables, read information from the database, and<br>
> > >> autoforward to the SP's session initiator.<br>
> > ><br>
> > > I'm looking forward to see an app that works with the standard shibd daemon (shibboleth SP), rather than the current user_saml app that needs simplesamlphp. One thing though I don't understand: why on earth you want to have _lazy_ sessions for owncloud? What can you do in owncloud without being authenticated?<br>
> > > Yours: Laszlo<br>
> > ><br>
> > > _______________________________________________<br>
> > > Owncloud mailing list<br>
> > > <a href="mailto:Owncloud@kde.org">Owncloud@kde.org</a><br>
> > > <a href="https://mail.kde.org/mailman/listinfo/owncloud" target="_blank">https://mail.kde.org/mailman/listinfo/owncloud</a><br>
> ><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Owncloud mailing list<br>
> <a href="mailto:Owncloud@kde.org">Owncloud@kde.org</a><br>
> <a href="https://mail.kde.org/mailman/listinfo/owncloud" target="_blank">https://mail.kde.org/mailman/listinfo/owncloud</a><br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Owncloud mailing list<br>
<a href="mailto:Owncloud@kde.org">Owncloud@kde.org</a><br>
<a href="https://mail.kde.org/mailman/listinfo/owncloud" target="_blank">https://mail.kde.org/mailman/listinfo/owncloud</a><br>
</blockquote></div><br></div>