[Owncloud] Accessing php page in app directory - SOLVED

Andreas Ergenzinger Andreas.Ergenzinger at uni-konstanz.de
Wed Mar 20 13:35:17 UTC 2013 

Hi,

I don't think it makes sense to include my specific rule in the core .htaccess file. There simply aren't going to be a lot of people using the app  and those that do will have to provide a location directive anyway, in order to protect the OC location with a properly configured Shibboleth SP.

A general rewrite rule that allows direct access to all files in a specific subdirectory of all apps might be useful for some, but at the moment I don't see the need.

Cheers,
Andreas
 
On Wednesday, March 20, 2013 14:01 CET, Jan-Christoph Borchardt <hey at jancborchardt.net> wrote: 
 
> Hey Andreas! Is this a fix which should be in ownCloud itself? If so, it
> would be cool if you could look into changing the code and issuing a pull
> request on Github to http://github.com/owncloud/core
> 
> Cheers!
> 
> 
> On Wed, Mar 20, 2013 at 1:30 PM, Andreas Ergenzinger <
> Andreas.Ergenzinger at uni-konstanz.de> wrote:
> 
> > Hello,
> >
> > I've found a (rather obvious) solution to my own problem. As a short
> > recap, I need to access a php page in my app's subdirectory, which is
> > usually prevented by the rewrite rules in ownclouds .htaccess file. Adding
> > the line "RewriteRule ^apps/user_shibboleth/login.php - [L]" before the
> > existing "RewriteRule ^apps/([^/]*)/(.*\.(css|php))$
> > index.php?app=$1&getfile=$2 [QSA,L]", solved the problem, as it prevented
> > the second rule from being applied. However, a major drawback of this
> > approach was the changes to the .htacces file might be undone by an update
> > of ownCloud.
> >
> > It turns out that I only had to modify this solution slightly, to make the
> > required changes durable. Moving the custom rewrite rule from the .htaccess
> > file to a location directive for the /owncloud location was all that was
> > necessary. On a standard Apache installation the new rule is processed
> > before any rules in .htaccess and you don't even need a "RewriteOptions
> > inherit" statement.
> >
> > Maybe this will be useful for somebody else.
> >
> > Cheers,
> > Andreas
> >
> >
> > On Thursday, January 24, 2013 14:47 CET, "Andreas Ergenzinger" <
> > Andreas.Ergenzinger at uni-konstanz.de> wrote:
> >
> > >
> > > On Thursday, January 24, 2013 13:39 CET, Marcel Waldvogel <
> > marcel.waldvogel at uni-konstanz.de> wrote:
> > >
> > > > I guess Andreas means something different with "lazy", namely that no
> > login dialog is presented, if the user is already logged in with
> > Shibboleth, but the login happens directly. Is this correct?
> > >
> > > No. Lazy authentication means that the webserver always grants access to
> > a location, such as the owncloud directory, even to users who have not
> > authenticated at their Identity Provider, yet. This only makes sense in
> > combination with web applications, that have their own session management.
> > Such applications can identify remotely authenticated users and assign them
> > to a newly-created session.
> > >
> > > Compared to regular Shibboleth authentication, the  big advantage of the
> > lazy variant is  full compatibility with existing authorization mechanisms
> > that rely on OC's login form.
> > >
> > > I think, for now, I will add a rewrite rule to the .htaccess file, that
> > permits access to my forwarding page. If you know a less intrusive

> > solution, then please let me know.
> > >
> > > Andreas
> > >
> > >
> > > >
> > > > Beste Grüsse,
> > > > -Marcel Waldvogel
> > > >
> > > > Am 23.01.2013 um 16:40 schrieb Tornóci László <

> > tornoci.laszlo at med.semmelweis-univ.hu>:
> > > >
> > > > > On 01/23/2013 03:32 PM, Andreas Ergenzinger wrote:
> > > > >> Hello,
> > > > >>
> > > > >> I am working on an app that is supposed to allow lazy Shibboleth
> > > > >> authentication [1] in ownCloud, using the Shibboleth Service
> > Provider
> > > > >> (SP) [2]. For this to work, I need a page where I can access
> > > > >> environment variables, read information from the database, and
> > > > >> autoforward to the SP's session initiator.
> > > > >
> > > > > I'm looking forward to see an app that works with the standard shibd
> > daemon (shibboleth SP), rather than the current user_saml app that needs
> > simplesamlphp. One thing though I don't understand: why on earth you want
> > to have _lazy_ sessions for owncloud? What can you do in owncloud without
> > being authenticated?
> > > > >                                   Yours: Laszlo
> > > > >
> > > > > _______________________________________________
> > > > > Owncloud mailing list
> > > > > Owncloud at kde.org
> > > > > https://mail.kde.org/mailman/listinfo/owncloud
> > > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Owncloud mailing list
> > > Owncloud at kde.org
> > > https://mail.kde.org/mailman/listinfo/owncloud
> >
> >
> >
> >
> > _______________________________________________
> > Owncloud mailing list
> > Owncloud at kde.org
> > https://mail.kde.org/mailman/listinfo/owncloud
> >

More information about the Owncloud mailing list