[Owncloud] Accessing php page in app directory - SOLVED

Wed Mar 20 12:30:18 UTC 2013

Hello,

I've found a (rather obvious) solution to my own problem. As a short recap, I need to access a php page in my app's subdirectory, which is usually prevented by the rewrite rules in ownclouds .htaccess file. Adding the line "RewriteRule ^apps/user_shibboleth/login.php - [L]" before the existing "RewriteRule ^apps/([^/]*)/(.*\.(css|php))$ index.php?app=$1&getfile=$2 [QSA,L]", solved the problem, as it prevented the second rule from being applied. However, a major drawback of this approach was the changes to the .htacces file might be undone by an update of ownCloud.

It turns out that I only had to modify this solution slightly, to make the required changes durable. Moving the custom rewrite rule from the .htaccess file to a location directive for the /owncloud location was all that was necessary. On a standard Apache installation the new rule is processed before any rules in .htaccess and you don't even need a "RewriteOptions inherit" statement.

Maybe this will be useful for somebody else.

Cheers,
Andreas

On Thursday, January 24, 2013 14:47 CET, "Andreas Ergenzinger" <Andreas.Ergenzinger at uni-konstanz.de> wrote: 

>  
> On Thursday, January 24, 2013 13:39 CET, Marcel Waldvogel <marcel.waldvogel at uni-konstanz.de> wrote: 
>  
> > I guess Andreas means something different with "lazy", namely that no login dialog is presented, if the user is already logged in with Shibboleth, but the login happens directly. Is this correct?
> 
> No. Lazy authentication means that the webserver always grants access to a location, such as the owncloud directory, even to users who have not authenticated at their Identity Provider, yet. This only makes sense in combination with web applications, that have their own session management. Such applications can identify remotely authenticated users and assign them to a newly-created session.
> 
> Compared to regular Shibboleth authentication, the  big advantage of the lazy variant is  full compatibility with existing authorization mechanisms that rely on OC's login form.
> 
> I think, for now, I will add a rewrite rule to the .htaccess file, that permits access to my forwarding page. If you know a less intrusive solution, then please let me know.
> 
> Andreas
> 
> 
> > 
> > Beste Grüsse,
> > -Marcel Waldvogel
> > 
> > Am 23.01.2013 um 16:40 schrieb Tornóci László <tornoci.laszlo at med.semmelweis-univ.hu>:
> > 
> > > On 01/23/2013 03:32 PM, Andreas Ergenzinger wrote:
> > >> Hello,
> > >> 
> > >> I am working on an app that is supposed to allow lazy Shibboleth
> > >> authentication [1] in ownCloud, using the Shibboleth Service Provider
> > >> (SP) [2]. For this to work, I need a page where I can access
> > >> environment variables, read information from the database, and
> > >> autoforward to the SP's session initiator.
> > > 
> > > I'm looking forward to see an app that works with the standard shibd daemon (shibboleth SP), rather than the current user_saml app that needs simplesamlphp. One thing though I don't understand: why on earth you want to have _lazy_ sessions for owncloud? What can you do in owncloud without being authenticated?
> > > 					Yours: Laszlo
> > > 
> > > _______________________________________________
> > > Owncloud mailing list
> > > Owncloud at kde.org
> > > https://mail.kde.org/mailman/listinfo/owncloud
> > 
>  
>  
>  
>  
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud