This document explains how to Shibbolize Podcast@UCSF.
Required Shibboleth Attributes
Podcast@UCSF requires the following attributes from GALEN LDAP, and, therefore, requires them from Shibboleth:
- UID (GALEN ID) which will be mapped to EPPN
Podcast@UCSF controls authentication with the following items:
- .htaccess files in actual podcast directories
PHP Code Changes
The following are changes that need to be done to the PHP code.
- Change the login form to be a button that points to MyAccess shibboleth, with text that reads, "Log in via MyAccess". The form would be something like this:
The login code at the top of the page should be moved into a new page, called
shibboleth.php, as that page will be the page which is protected by the
shibd daemon running on the Podcast server.
shibboleth.php, the auth code should look like:
Add a new method to
sessionManagement.php that works as follows:
userLogout() to actually end the
shibd session, as well:
Podcast@UCSF uses the database for admins and owners, and for each, the GALEN ID is used in the record. For admins the GALEN ID is
uid and for owners the GALEN ID is
galenid. For both admins and owners the GALEN ID will have to be converted to EPPN.