WebStyle: authenticated user HTTPS support
c1e3691cc782
Actions

Authored by Samuele Kaplun <samuele.kaplun@cern.ch> on Sep 12 2011, 10:33.

Description

WebStyle: authenticated user HTTPS support

When using SSO authentication based on Shibboleth, no longer expect Shibboleth to be triggered for every HTTPS requests but only for /youraccount/login and /youraccount/keepssoalive, the latter being referenced by a hidden IFRAME and pinged regularly to, indeed, keep the SSO session alive.

This change is necessary in order to allow Invenio to be executed fully over HTTPS, without Shibboleth authentication to be triggered upon every request.

Additionally if CFG_SITE_URL uses HTTPS, then any HTTP request will be re-routed to HTTPS and the cookie session will be sent only via HTTPS.

If serving an HTTPS request and MathJax is enabled and is configured to use the CDN, that the HTTPS-based URL for the MathJax CDN will be used.

Any external URL being referenced by an src attribute of an HTML page served by Invenio over HTTPS is now rewritten to point to CFG_SITE_SECURE_URL/sslredirect/URL so that the URL looks like HTTPS and browsers do not complain.

Any local URL being referenced by a src or href attribute of an HTML page served by Invenio over HTTPS is now rewritten to point to CFG_SITE_SECURE_URL. (closes #565)

Note: beware you should update your Apache configuration (e.g. by running "inveniocfg --create-apache-conf" in order to add to the SSL part a global redirection directive of the form "RedirectMatch /sslredirect/(.*) http://$1".

Committed

Tibor Simko <tibor.simko@cern.ch>

Oct 31 2011, 15:04

Parents

Branches

Unknown

Tags

Unknown

Tibor Simko <tibor.simko@cern.ch> committed R3600:c1e3691cc782: WebStyle: authenticated user HTTPS support (authored by Samuele Kaplun <samuele.kaplun@cern.ch>).Oct 31 2011, 15:04

				Path
	M			modules/bibcheck/web/admin/bibcheckadmin.py
	M			modules/bibcirculation/lib/bibcirculation_webinterface.py
	M			modules/bibcirculation/lib/bibcirculationadminlib.py
	M			modules/bibedit/lib/bibedit_engine.py
	M			modules/bibedit/lib/bibedit_webinterface.py
	M			modules/bibformat/web/admin/bibformatadmin.py
	M			modules/bibknowledge/lib/bibknowledgeadmin.py
	M			modules/bibmerge/lib/bibmerge_webinterface.py
	M			modules/bibupload/lib/batchuploader_webinterface.py
	M			modules/miscutil/lib/htmlutils.py
	M			modules/miscutil/lib/inveniocfg.py
	M			modules/miscutil/lib/urlutils.py
	M			modules/webaccess/lib/access_control_config.py
	M			modules/webaccess/lib/webaccessadmin_lib.py
	M			modules/webalert/lib/webalert_webinterface.py
	M			modules/webbasket/lib/webbasket_webinterface.py
	M			modules/webcomment/lib/webcomment_webinterface.py
	M			modules/webcomment/web/admin/webcommentadmin.py
	M			modules/webjournal/lib/webjournal_webinterface.py
	M			modules/webmessage/lib/webmessage_webinterface.py
	M			modules/websearch/lib/search_engine.py
	M			modules/websearch/lib/websearch_webinterface.py
	M			modules/websession/lib/session.py
	M			modules/websession/lib/websession_webinterface.py
	M			modules/websession/lib/webuser.py
	M			modules/webstyle/lib/webinterface_handler.py
	M			modules/webstyle/lib/webinterface_handler_wsgi.py
	M			modules/webstyle/lib/webinterface_handler_wsgi_utils.py
	M			modules/webstyle/lib/webpage.py
	M			modules/webstyle/lib/webstyle_templates.py
	M			modules/websubmit/lib/websubmit_webinterface.py
	M			modules/websubmit/web/approve.py