OpenID with Islandora and Fedora
Drupal 7 comes with the OpenID module, which can be enabled to allow users to log in with an OpenID.
Now for the interesting bits:
To use the Fedora REST API in conjunction with OpenID I had to create a custom Drupal Filter query that would take the OpenID URL and resolve it to the user with which it is associated.
SELECT DISTINCT u.uid AS userid, u.name AS Name, u.pass AS Pass, r.name AS Role
FROM (users u LEFT JOIN users_roles ON u.uid=users_roles.uid
INNER JOIN authmap ON u.uid=authmap.uid AND authmap.authname=CONCAT(?,':',?))
LEFT JOIN role r ON r.rid=users_roles.rid;
This query will take the OpenID URL and use it to find the proper user and their roles. Note that this doesn't replace the default query; it is an additional query.
My CURL config for testing was:
curl -u "https://www.google.com/accounts/o8/id?id={My Hash ID}" --data "test" -X POST http://dev.local:8080/fedora/objects/islandora:root/datastreams/TEXT\?controlGroup\=M\&dsLabel\=test
It worked correctly and returned the data stream. It seems odd to treat the OpenID url as a username and password, split on ":".
Username: https
Password: //www.google.com/accounts/o8/id?id={My Hash ID}
But I've found that according to the specification and how Drupal stores the OpenID, it should always be an absolute URL and will always contain "http:" or "https" at the beginning.
http://openid.net/specs/openid-authentication-1_1.html
The declared openid.server URL MAY contain existing query parameters and they MUST be properly preserved when appending extra query parameters. For example, not adding a second question mark if one already exists. The openid.server and openid.delegate URLs MUST be absolute URLs. Consumers MUST NOT attempt to resolve relative URLs. The openid.server and openid.delegate URLs MUST NOT include entities other than &, <, >, and ". Other characters that would not be valid in the HTML document or that cannot be represented in the document's character encoding MUST be escaped using the %xx mechanism as described in [RFC2396].
This is the SQL statement I added to the Drupal Filter /usr/local/fedora/server/config/filter-drupal.xml file.
<connection server="localhost" port="3306" dbname="drupal_default" user="drupal" password="drupal">
  <sql>
    <!--Different sql statement for each connection. This is for drupal
    multisites that are setup using one database with table prefixes.
    We don't do this but some people might.-->
    SELECT DISTINCT u.uid AS userid, u.name AS Name, u.pass AS Pass, r.name AS Role
    FROM (users u LEFT JOIN users_roles ON u.uid=users_roles.uid
    INNER JOIN authmap ON u.uid=authmap.uid AND authmap.authname=CONCAT(?,':',?))
    LEFT JOIN role r ON r.rid=users_roles.rid;
  </sql>
</connection>
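
The Basic-auth split and the CONCAT reassembly described above, as an added example that is not part of the original page or of the Drupal Filter's own code: it decodes the header that curl -u would send, splits at the first colon, and binds the two halves to the page's query against an in-memory SQLite stand-in for the Drupal tables. The identifier, user row and roles are constructed sample data, and CONCAT(?,':',?) is written with SQLite's || operator.

```python
import base64
import sqlite3

# Constructed sample identifier; the page's real value is elided as {My Hash ID}.
OPENID = "https://openid.example.test:8443/id?id=SAMPLE"

# The page's query, with MySQL CONCAT(?,':',?) written as SQLite's || operator.
QUERY = """
SELECT DISTINCT u.uid AS userid, u.name AS Name, u.pass AS Pass, r.name AS Role
FROM (users u LEFT JOIN users_roles ON u.uid=users_roles.uid
INNER JOIN authmap ON u.uid=authmap.uid AND authmap.authname=(? || ':' || ?))
LEFT JOIN role r ON r.rid=users_roles.rid
"""

def basic_header(userinfo):
    """Build the Authorization header that curl -u sends for this string."""
    return "Basic " + base64.b64encode(userinfo.encode()).decode()

def split_basic(header):
    """Decode the header and split at the first ':' as Basic auth does."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = decoded.partition(":")
    return user, password

def make_db():
    """In-memory stand-in for the Drupal 7 tables the query touches."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER, name TEXT, pass TEXT);
        CREATE TABLE role (rid INTEGER, name TEXT);
        CREATE TABLE users_roles (uid INTEGER, rid INTEGER);
        CREATE TABLE authmap (uid INTEGER, authname TEXT, module TEXT);
        INSERT INTO users VALUES (2, 'alice', '$S$constructed-hash');
        INSERT INTO role VALUES (3, 'administrator'), (4, 'editor');
        INSERT INTO users_roles VALUES (2, 3), (2, 4);
    """)
    db.execute("INSERT INTO authmap VALUES (2, ?, 'openid')", (OPENID,))
    return db

def lookup(db, header):
    """Bind the two halves as the query's two parameters and run it."""
    return db.execute(QUERY, split_basic(header)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(split_basic(basic_header(OPENID)))
    for row in lookup(db, basic_header(OPENID)):
        print(row)
```

Because only the first colon is consumed by the split, an identifier with a port number still reassembles to the exact authmap.authname value.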