[Owncloud] Accessing php page in app directory - SOLVED

Wed Mar 20 13:01:23 UTC 2013

Hey Andreas! Is this a fix which should be in ownCloud itself? If so, it
would be cool if you could look into changing the code and issuing a pull
request on Github to http://github.com/owncloud/core

Cheers!

On Wed, Mar 20, 2013 at 1:30 PM, Andreas Ergenzinger <
Andreas.Ergenzinger at uni-konstanz.de> wrote:

> Hello,
>
> I've found a (rather obvious) solution to my own problem. As a short
> recap, I need to access a php page in my app's subdirectory, which is
> usually prevented by the rewrite rules in ownclouds .htaccess file. Adding
> the line "RewriteRule ^apps/user_shibboleth/login.php - [L]" before the
> existing "RewriteRule ^apps/([^/]*)/(.*\.(css|php))$
> index.php?app=$1&getfile=$2 [QSA,L]", solved the problem, as it prevented
> the second rule from being applied. However, a major drawback of this
> approach was the changes to the .htacces file might be undone by an update
> of ownCloud.
>
> It turns out that I only had to modify this solution slightly, to make the
> required changes durable. Moving the custom rewrite rule from the .htaccess
> file to a location directive for the /owncloud location was all that was
> necessary. On a standard Apache installation the new rule is processed
> before any rules in .htaccess and you don't even need a "RewriteOptions
> inherit" statement.
>
> Maybe this will be useful for somebody else.
>
> Cheers,
> Andreas
>
>
> On Thursday, January 24, 2013 14:47 CET, "Andreas Ergenzinger" <
> Andreas.Ergenzinger at uni-konstanz.de> wrote:
>
> >
> > On Thursday, January 24, 2013 13:39 CET, Marcel Waldvogel <
> marcel.waldvogel at uni-konstanz.de> wrote:
> >
> > > I guess Andreas means something different with "lazy", namely that no
> login dialog is presented, if the user is already logged in with
> Shibboleth, but the login happens directly. Is this correct?
> >
> > No. Lazy authentication means that the webserver always grants access to
> a location, such as the owncloud directory, even to users who have not
> authenticated at their Identity Provider, yet. This only makes sense in
> combination with web applications, that have their own session management.
> Such applications can identify remotely authenticated users and assign them
> to a newly-created session.
> >
> > Compared to regular Shibboleth authentication, the  big advantage of the
> lazy variant is  full compatibility with existing authorization mechanisms
> that rely on OC's login form.
> >
> > I think, for now, I will add a rewrite rule to the .htaccess file, that
> permits access to my forwarding page. If you know a less intrusive
> solution, then please let me know.
> >
> > Andreas
> >
> >
> > >
> > > Beste Grüsse,
> > > -Marcel Waldvogel
> > >
> > > Am 23.01.2013 um 16:40 schrieb Tornóci László <
> tornoci.laszlo at med.semmelweis-univ.hu>:
> > >
> > > > On 01/23/2013 03:32 PM, Andreas Ergenzinger wrote:
> > > >> Hello,
> > > >>
> > > >> I am working on an app that is supposed to allow lazy Shibboleth
> > > >> authentication [1] in ownCloud, using the Shibboleth Service
> Provider
> > > >> (SP) [2]. For this to work, I need a page where I can access
> > > >> environment variables, read information from the database, and
> > > >> autoforward to the SP's session initiator.
> > > >
> > > > I'm looking forward to see an app that works with the standard shibd
> daemon (shibboleth SP), rather than the current user_saml app that needs
> simplesamlphp. One thing though I don't understand: why on earth you want
> to have _lazy_ sessions for owncloud? What can you do in owncloud without
> being authenticated?
> > > >                                   Yours: Laszlo
> > > >
> > > > _______________________________________________
> > > > Owncloud mailing list
> > > > Owncloud at kde.org
> > > > https://mail.kde.org/mailman/listinfo/owncloud
> > >
> >
> >
> >
> >
> > _______________________________________________
> > Owncloud mailing list
> > Owncloud at kde.org
> > https://mail.kde.org/mailman/listinfo/owncloud
>
>
>
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130320/5dc037a6/attachment.html>