NAME

Apache2::Authen::OdinAuth - A cookie-based single sign-on module for Apache.

VERSION

Version 0.8

SYNOPSIS

This module defines an Apache handler for the Odin Authenticator single sign-on system. The system is based on the GodAuth script, available at http://github.com/exflickr/GodAuth/.

USAGE

To make Apache use the handler for authentication, enable mod_perl and add the following directives to apache2.conf:

PerlSetVar odinauth_config /path/to/odin_auth.yml
PerlFixupHandler Apache2::Authen::OdinAuth

The PerlSetVar statement needs to be global; the PerlFixupHandler statement can be global or occur in a VirtualHost, Directory, or Location section.

YAML CONFIG

The handler reads an additional YAML config file and automatically reloads it if it's older than reload_timeout seconds. The file configures the shared secret, cookie name, authorizer app URL, and permissions (which are unfortunately regexp-based).

A sample configuration file looks like this:

# Sample config for Apache2::Authen::OdinAuth

permissions:
  # URLs that need no auth
  - url: !!perl/regexp ^localhost
    who: all
  # Require a role
  - url: !!perl/regexp ^dev\.myapp\.com
    who: role:admin
  # Require username
  - url: !!perl/regexp ^debug\.myapp\.com/
    who: cal
  # A list is fine too
  - url: !!perl/regexp ^debug2\.myapp\.com/
    who:
      - role:devel
      - cal
      - myles
  # Allow any authenticated user
  - url: !!perl/regexp ^debug3\.myapp\.com/
    who: authed


# log_file: /tmp/odin.log
secret: ****************
reload_timeout: 600
need_auth_url: http://example.com/?NA
invalid_cookie_url: http://example.com/?CIU
not_on_list_url: http://example.com/?NOL
cookie: oa

NOTE: The config is better than the original GodAuth configuration, but will probably need to be refactored; it would be best to make it live inside Apache's configuration. I'm still not sure how to make it happen in mod_perl.
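
Because the permissions are regexps, it is worth checking which rule a given URL actually falls under before deploying a config. The script below is an added example, not code from this module: it copies the sample rules as qr// literals and assumes that rules are tested in order against "host/path" and that the first match decides (first_match and the probe URLs are hypothetical and constructed). It shows that rules whose host part does not end in "/" also match longer hostnames that merely start with the same text.

```perl
#!/usr/bin/perl
# Added example: audit OdinAuth-style permission rules against probe URLs.
# Assumptions (not taken from the module's source): rules are tested in
# order against "host/path", and the first matching rule decides access.
use strict;
use warnings;

# Rules copied from the sample config above, as compiled regexps.
my @permissions = (
    { url => qr/^localhost/,            who => 'all' },
    { url => qr/^dev\.myapp\.com/,      who => 'role:admin' },
    { url => qr/^debug\.myapp\.com\//,  who => 'cal' },
    { url => qr/^debug2\.myapp\.com\//, who => [ 'role:devel', 'cal', 'myles' ] },
    { url => qr/^debug3\.myapp\.com\//, who => 'authed' },
);

# Hypothetical helper: return the first rule whose regexp matches, or undef.
sub first_match {
    my ($url) = @_;
    for my $rule (@permissions) {
        return $rule if $url =~ $rule->{url};
    }
    return;
}

# Constructed probes: each intended host, plus a longer hostname that only
# shares its prefix, plus one host that no rule covers.
my @probes = qw(
    localhost/status
    localhost.example.net/
    dev.myapp.com/admin
    dev.myapp.com.example.net/
    debug.myapp.com/trace
    debug.myapp.com.example.net/
    other.myapp.com/
);

for my $url (@probes) {
    my $rule = first_match($url);
    my $who  = !defined($rule)     ? '(no rule matched)'
             : ref($rule->{who})   ? join(',', @{ $rule->{who} })
             :                       $rule->{who};
    printf "%-32s -> %s\n", $url, $who;
}
```

In the output, localhost.example.net/ resolves to "all" and dev.myapp.com.example.net/ to "role:admin", while debug.myapp.com.example.net/ matches no rule because that pattern ends the host part with "/". Ending every host pattern the way the debug rules do keeps a rule from applying to hostnames it was not written for.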

SUBROUTINES

Configuration closure

config

Reloads configuration if older than RELOAD_TIMEOUT

init_config(request)

Finds config file and loads it for the first time

handler(request)

Main Apache mod_perl handler

redir(request, target, reason)

Redirect to Authorizer App

Parse cookies into a hashref

urldecode(str)

urlencode(str)

AUTHOR

Maciej Pasternacki, <maciej at pasternacki.net>

BUGS

Please report any bugs or feature requests to bug-apache2-authen-odinauth at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Apache2-Authen-OdinAuth. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc Apache2::Authen::OdinAuth

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

Copyright 2012 Maciej Pasternacki.

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.