https://webwork.maa.org/mediawiki_new/api.php?action=feedcontributions&user=Pan+Luo&feedformat=atomWeBWorK_wiki - User contributions [en]2024-03-29T07:42:53ZUser contributionsMediaWiki 1.34.0https://webwork.maa.org/mediawiki_new/index.php?title=External_(Shibboleth)_Authentication&diff=12815External (Shibboleth) Authentication2014-01-24T22:46:18Z<p>Pan Luo: /* Install Shibboleth */</p>
<hr />
<div>This page is the instructions for how to enable [http://en.wikipedia.org/wiki/Shibboleth_(Internet2) Shibboleth] authentication system for WeBWorK.<br />
<br />
'''NOTES''': <br />
* The installation is based on Redhat Enterprise Linux 5.7. The installation for your distribution may vary. Please see the installation guide from Shibboleth website.<br />
* The shibboleth2.xml is generated by UBC IT shibboleth Configuration generation form. If you use the one distributed with Shibboleth SP, you will need to modified to fit your environment.<br />
* WeBWorK is configured on web root, instead of /webwork2. If your webwork is under a path, you will need to modified the shibboleth protection regular expression in shib.conf step 2.<br />
<br />
==Install Shibboleth==<br />
<br />
<ol><br />
<li>Install Shibboleth from repo</li><br />
<pre><br />
cd /etc/yum.repos.d/<br />
sudo wget http://download.opensuse.org/repositories/security://shibboleth/RHEL_5/security:shibboleth.repo<br />
sudo yum install shibboleth<br />
</pre> <br />
<br />
<li>Change configuration</li><br />
<ul><br />
<li>httpd.conf: The UseCanonicalName directive should be set to On or resource mapping errors will result.</li><br />
<li>httpd.conf: Ensure that the ServerName directive is properly set, and that Apache is being started with SSL enabled.</li><br />
<li>Shibboleth2xml: Copy Shibboleth2.xml to /etc/shibboleth or change/create the Shibboleth2.xml</li><br />
<ul><br />
<li>Under RequestMap, set up host. Your applicationid is not necessary the same as your hostname.</li><br />
<pre><br />
<Host name="YOUR_WEBWORK_HOSTNAME" <br />
applicationId="YOUR_WEBWORK_HOSTNAME" <br />
authType="shibboleth" <br />
requireSession="true" <br />
exportAssertion="false"<br />
redirectToSSL="443"><br />
</Host><br />
</pre><br />
<li>Change the ApplicationDefault or ApplicationOverride</li><br />
<pre><br />
<ApplicationOverride id="YOUR_HOSTNAME"<br />
entityID="https://YOUR_HOSTNAME/shibboleth-sp"<br />
homeURL="YOUR_WEBWORK_HOME_URL"<br />
REMOTE_USER="eppn" /><br />
</pre><br />
</ul><br />
<br />
<li>Meta file and attribute map: Copy IdP meta file or/and attribute map into /etc/shibboleth</li><br />
<li>webwork.apache2-config: exempt Shibboleth from being handled by Appache::WeBWork in line 148</li><br />
<pre><br />
if ($webwork_url eq "/") {<br />
$Location{$webwork_courses_url} = { SetHandler => "none" };<br />
$Location{$webwork_htdocs_url} = { SetHandler => "none" };<br />
$Location{"/Shibboleth.sso"} = { SetHandler => "none" }; # add this<br />
$Location{"/shibboleth-sp"} = { SetHandler => "none" }; # add this<br />
}<br />
</pre><br />
<li>shib.conf: Apache Shibboleth configuration. Add the following directive</li><br />
<pre><br />
<LocationMatch ^/[^webwork2_files|^webwork2_course_files]><br />
AuthType shibboleth<br />
ShibRequestSetting requireSession 1<br />
require valid-user<br />
</LocationMatch><br />
</pre><br />
<br />
<li>global.conf: webwork main configuration file (or localOverride.conf for newer version of WeBWorK):</li><br />
Change/Add the following to enable shibboleth authentication:<br />
<pre><br />
$authen{user_module} = {<br />
"*" => "WeBWorK::Authen::Shibboleth", <br />
};<br />
</pre><br />
<br />
Add the following lines at the bottom and change the Shibboleth handler accordingly.<br />
<pre><br />
$shibboleth{logout_script} = "/Shibboleth.sso/Logout?return=".$server_root_url.$webwork_url;<br />
$shibboleth{session_header} = "Shib-Session-ID"; # the header to identify if there is an existing shibboleth session<br />
$shibboleth{manage_session_timeout} = 1; # allow shib to manage session time instead of webwork<br />
$shibboleth{hash_user_id_method} = "MD5"; # possible values none, MD5. Use it when you want to hide real user_ids from showing in url. <br />
$shibboleth{hash_user_id_salt} = ""; # salt for hash function<br />
#define mapping between shib and webwork<br />
$shibboleth{mapping}{user_id} = 'puid';<br />
</pre><br />
</ul><br />
<br />
<li>Start Shib</li><br />
<pre><br />
sudo /sbin/service shibd start<br />
</pre><br />
<br />
<li>Restart Apache</li><br />
<pre><br />
sudo /sbin/service httpd restart<br />
</pre><br />
</ol><br />
<br />
== Credits ==<br />
<br />
Pan Luo[mailto:webwork.support@ubc.ca] (Centre for Teaching, Learning and Technology, University of British Columbia) wrote the WeBWorK::Authen::Shibboleth module, based on existing [[External (Cosign) Authentication|Cosign WeBWorK authentication module]].<br />
<br />
[[Category:Administrators]]</div>Pan Luohttps://webwork.maa.org/mediawiki_new/index.php?title=External_(Shibboleth)_Authentication&diff=12814External (Shibboleth) Authentication2012-01-27T22:59:36Z<p>Pan Luo: </p>
<hr />
<div>This page is the instructions for how to enable [http://en.wikipedia.org/wiki/Shibboleth_(Internet2) Shibboleth] authentication system for WeBWorK.<br />
<br />
'''NOTES''': <br />
* The installation is based on Redhat Enterprise Linux 5.7. The installation for your distribution may vary. Please see the installation guide from Shibboleth website.<br />
* The shibboleth2.xml is generated by UBC IT shibboleth Configuration generation form. If you use the one distributed with Shibboleth SP, you will need to modified to fit your environment.<br />
* WeBWorK is configured on web root, instead of /webwork2. If your webwork is under a path, you will need to modified the shibboleth protection regular expression in shib.conf step 2.<br />
<br />
==Install Shibboleth==<br />
<br />
<ol><br />
<li>Install Shibboleth from repo</li><br />
<pre><br />
cd /etc/yum.repos.d/<br />
sudo wget http://download.opensuse.org/repositories/security://shibboleth/RHEL_5/security:shibboleth.repo<br />
sudo yum install shibboleth<br />
</pre> <br />
<br />
<li>Change configuration</li><br />
<ul><br />
<li>httpd.conf: The UseCanonicalName directive should be set to On or resource mapping errors will result.</li><br />
<li>httpd.conf: Ensure that the ServerName directive is properly set, and that Apache is being started with SSL enabled.</li><br />
<li>Shibboleth2xml: Copy Shibboleth2.xml to /etc/shibboleth or change/create the Shibboleth2.xml</li><br />
<ul><br />
<li>Under RequestMap, set up host. Your applicationid is not necessary the same as your hostname.</li><br />
<pre><br />
<Host name="YOUR_WEBWORK_HOSTNAME" <br />
applicationId="YOUR_WEBWORK_HOSTNAME" <br />
authType="shibboleth" <br />
requireSession="true" <br />
exportAssertion="false"<br />
redirectToSSL="443"><br />
</Host><br />
</pre><br />
<li>Change the ApplicationDefault or ApplicationOverride</li><br />
<pre><br />
<ApplicationOverride id="YOUR_HOSTNAME"<br />
entityID="https://YOUR_HOSTNAME/shibboleth-sp"<br />
homeURL="YOUR_WEBWORK_HOME_URL"<br />
REMOTE_USER="eppn" /><br />
</pre><br />
</ul><br />
<br />
<li>Meta file and attribute map: Copy IdP meta file or/and attribute map into /etc/shibboleth</li><br />
<li>webwork.apache2-config: exempt Shibboleth from being handled by Appache::WeBWork in line 148</li><br />
<pre><br />
if ($webwork_url eq "/") {<br />
$Location{$webwork_courses_url} = { SetHandler => "none" };<br />
$Location{$webwork_htdocs_url} = { SetHandler => "none" };<br />
$Location{"/Shibboleth.sso"} = { SetHandler => "none" }; # add this<br />
$Location{"/shibboleth-sp"} = { SetHandler => "none" }; # add this<br />
}<br />
</pre><br />
<li>shib.conf: Apache Shibboleth configuration. Add the following directive</li><br />
<pre><br />
<LocationMatch ^/[^webwork2_files|^webwork2_course_files]><br />
AuthType shibboleth<br />
ShibRequestSetting requireSession 1<br />
require valid-user<br />
</LocationMatch><br />
</pre><br />
<br />
<li>global.conf: webwork main configuration file. Add the following lines at the bottom and change the Shibboleth handler accordingly. </li><br />
<pre><br />
$shibboleth{logout_script} = "/Shibboleth.sso/Logout?return=".$server_root_url.$webwork_url;<br />
$shibboleth{session_header} = "Shib-Session-ID"; # the header to identify if there is an existing shibboleth session<br />
$shibboleth{manage_session_timeout} = 1; # allow shib to manage session time instead of webwork<br />
$shibboleth{hash_user_id_method} = "MD5"; # possible values none, MD5. Use it when you want to hide real user_ids from showing in url. <br />
$shibboleth{hash_user_id_salt} = ""; # salt for hash function<br />
#define mapping between shib and webwork<br />
$shibboleth{mapping}{user_id} = 'puid';<br />
</pre><br />
</ul><br />
<br />
<li>Start Shib</li><br />
<pre><br />
sudo /sbin/service shibd start<br />
</pre><br />
<br />
<li>Restart Apache</li><br />
<pre><br />
sudo /sbin/service httpd restart<br />
</pre><br />
</ol><br />
<br />
<br />
== Credits ==<br />
<br />
Pan Luo[mailto:webwork.support@ubc.ca] (Centre for Teaching, Learning and Technology, University of British Columbia) wrote the WeBWorK::Authen::Shibboleth module, based on existing [[External (Cosign) Authentication|Cosign WeBWorK authentication module]].<br />
<br />
[[Category:Administrators]]</div>Pan Luohttps://webwork.maa.org/mediawiki_new/index.php?title=External_(Shibboleth)_Authentication&diff=12813External (Shibboleth) Authentication2012-01-27T22:39:42Z<p>Pan Luo: Created page with "This page is the instructions for how to enable Shibboleth authentication system for WeBWorK. '''NOTES''': * The installation is based on Redhat Enterprise Linux 5.7. The in..."</p>
<hr />
<div>This page is the instructions for how to enable Shibboleth authentication system for WeBWorK.<br />
<br />
'''NOTES''': <br />
* The installation is based on Redhat Enterprise Linux 5.7. The installation for your distribution may vary. Please see the installation guide from Shibboleth website.<br />
* The shibboleth2.xml is generated by UBC IT shibboleth Configuration generation form. If you use the one distributed with Shibboleth SP, you will need to modified to fit your environment.<br />
* WeBWorK is configured on web root, instead of /webwork2. If your webwork is under a path, you will need to modified the shibboleth protection regular expression in shib.conf step 2.<br />
<br />
==Install Shibboleth==<br />
<br />
<ol><br />
<li>Install Shibboleth from repo</li><br />
<pre><br />
cd /etc/yum.repos.d/<br />
sudo wget http://download.opensuse.org/repositories/security://shibboleth/RHEL_5/security:shibboleth.repo<br />
sudo yum install shibboleth<br />
</pre> <br />
<br />
<li>Change configuration</li><br />
<ul><br />
<li>httpd.conf: The UseCanonicalName directive should be set to On or resource mapping errors will result.</li><br />
<li>httpd.conf: Ensure that the ServerName directive is properly set, and that Apache is being started with SSL enabled.</li><br />
<li>Shibboleth2xml: Copy Shibboleth2.xml to /etc/shibboleth or change/create the Shibboleth2.xml</li><br />
<ul><br />
<li>Under RequestMap, set up host. Your applicationid is not necessary the same as your hostname.</li><br />
<pre><br />
<Host name="YOUR_WEBWORK_HOSTNAME" <br />
applicationId="YOUR_WEBWORK_HOSTNAME" <br />
authType="shibboleth" <br />
requireSession="true" <br />
exportAssertion="false"<br />
redirectToSSL="443"><br />
</Host><br />
</pre><br />
<li>Change the ApplicationDefault or ApplicationOverride</li><br />
<pre><br />
<ApplicationOverride id="YOUR_HOSTNAME"<br />
entityID="https://YOUR_HOSTNAME/shibboleth-sp"<br />
homeURL="YOUR_WEBWORK_HOME_URL"<br />
REMOTE_USER="eppn" /><br />
</pre><br />
</ul><br />
<br />
<li>Meta file and attribute map: Copy IdP meta file or/and attribute map into /etc/shibboleth</li><br />
<li>webwork.apache2-config: exempt Shibboleth from being handled by Appache::WeBWork in line 148</li><br />
<pre><br />
if ($webwork_url eq "/") {<br />
$Location{$webwork_courses_url} = { SetHandler => "none" };<br />
$Location{$webwork_htdocs_url} = { SetHandler => "none" };<br />
$Location{"/Shibboleth.sso"} = { SetHandler => "none" }; # add this<br />
$Location{"/shibboleth-sp"} = { SetHandler => "none" }; # add this<br />
}<br />
</pre><br />
<li>shib.conf: Apache Shibboleth configuration. Add the following directive</li><br />
<pre><br />
<LocationMatch ^/[^webwork2_files|^webwork2_course_files]><br />
AuthType shibboleth<br />
ShibRequestSetting requireSession 1<br />
require valid-user<br />
</LocationMatch><br />
</pre><br />
<br />
<li>global.conf: webwork main configuration file. Add the following lines at the bottom and change the Shibboleth handler accordingly. </li><br />
<pre><br />
$shibboleth{logout_script} = "/Shibboleth.sso/Logout?return=".$server_root_url.$webwork_url;<br />
$shibboleth{session_header} = "Shib-Session-ID"; # the header to identify if there is an existing shibboleth session<br />
$shibboleth{manage_session_timeout} = 1; # allow shib to manage session time instead of webwork<br />
$shibboleth{hash_user_id_method} = "MD5"; # possible values none, MD5. Use it when you want to hide real user_ids from showing in url. <br />
$shibboleth{hash_user_id_salt} = ""; # salt for hash function<br />
#define mapping between shib and webwork<br />
$shibboleth{mapping}{user_id} = 'puid';<br />
</pre><br />
</ul><br />
<br />
<li>Start Shib</li><br />
<pre><br />
sudo /sbin/service shibd start<br />
</pre><br />
<br />
<li>Restart Apache</li><br />
<pre><br />
sudo /sbin/service httpd restart<br />
</pre><br />
</ol></div>Pan Luohttps://webwork.maa.org/mediawiki_new/index.php?title=Troubleshooting_Equation_Images&diff=2175Troubleshooting Equation Images2011-05-14T21:58:39Z<p>Pan Luo: </p>
<hr />
<div>== General troubleshooting ==<br />
<br />
Try setting <code>$WeBWorK::PG::ImageGenerator::PreserveTempFiles</code> to <code>1</code> (in <code>webwork2/lib/WeBWorK/Constants.pm</code>).<br />
(Note that there is a similar setting for hardcopy: <code>$WeBWorK::ContentGenerator::Hardcopy::PreserveTempFiles = 0;</code>. Don't confuse the two. )<br />
<br />
After that, you should see directories like <code>ImageGenerator.xxxxxx</code> accumulating in <code>webwork2/tmp/</code>. These contain files that ImageGenerator uses in generating each equation image:<br />
<br />
* <code>equation.tex</code> - TeX source file<br />
* <code>equation.log</code> - log file written by LaTeX<br />
* <code>equation.dvi</code> - DVI file generated by LaTeX<br />
* <code>latex.out</code>, <code>latex.err</code> - messages written to STDOUT and STDERR by LaTeX<br />
* <code>dvipng.out</code>, <code>dvipng.err</code> - messages written to STDOUT and STDERR by dvipng<br />
<br />
If <code>latex.out</code> and <code>latex.err</code> don't exist, this indicates that LaTeX was never invoked. I'm not sure what would cause this.<br />
<br />
If <code>equation.log</code> doesn't exist, then LaTeX was invoked, but probably never ran. Check for a properly installed <code>latex</code> and make sure that the path to <code>latex</code> in <code>global.conf</code> is correct.<br />
<br />
Check <code>equation.log</code>, <code>latex.out</code>, and <code>latex.err</code> for errors. These might indicate problems in the TeX code being sent to LaTeX for processing. The errors might be in the equation itself in the PG file, or in the TexPreamble or TexPostamble, which are defined in <code>Constants.pm</code>.<br />
<br />
If <code>equation.dvi</code> does not exist, then LaTeX was not able to interpret its input successfully. Read <code>equation.log</code>, <code>latex.out</code>, and <code>latex.err</code> for errors.<br />
<br />
One common cause of errors is that the <code>preview.sty</code> file is not installed. <code>preview.sty</code> can be found as part of preview-latex in [http://www.ctan.org/tex-archive/macros/latex/contrib/preview/ CTAN] and many operating systems include a package for it.<br />
<br />
Open <code>equation.dvi</code> in a DVI viewer and see if it contains a properly rendered equation.<br />
<br />
Check <code>dvipng.out</code> and <code>dvipng.err</code> for errors.<br />
<br />
The PNG file that <code>dvipng</code> produces is moved from the <code>ImageGenerator.xxxxxx</code> directory and renamed, so you'll have to look at the HTML source of the problem page to find its name. It'll be something like <code>e40d5b21c65856b95bbc6f4dfced571.png</code>. (That's the SHA-1 hash of the TeX equation followed by <code>1.png</code>.) Make sure that file exists in <code>webwork2/htdocs/tmp/equations/</code>. Check its permissions. Make sure it is web-accessible (check <code>http://yourserver/webwork2_files/tmp/equations/filename.png</code>). See if it's a valid PNG, and see if it contains the proper equation image.<br />
<br />
== Inappropriate ioctl for device ==<br />
<br />
This seems to occur when very old versions of <code>dvipng</code> are in use, and the easiest way to resolve it is to upgrade to the latest version. If that is not possible, try the following:<br />
<br />
[In ImageGenerator.pm I] had [to] use the command<br />
<br />
my $dvipngCommand = "cd $wd && $dvipng " . $DvipngArgs . " equation.dvi \<br />
> dvipng.out 2> dvipng.err";<br />
<br />
i.e. pass it equation.dvi rather than equation. Probably my old version of<br />
dvipng requires this. There certainly can't be any harm in this, correct? The<br />
newer versions of dvipng must accept this, correct? <br />
<br />
== RedHat issues: fmtutil: format directory `/.texmf-var/web2c' does not exist. ==<br />
<br />
This can happen if you run texconfig as root -- it seems to reset TeX's home directory to root. Use texconfig-sys instead. <br />
<br />
See https://wiki.archlinux.org/index.php/TeX_Live_FAQ#Q:_I_want_to_have_some_configuration_app.21 for details.<br />
<br />
You may find this error in latex.err in ImageGenerator generated directory (ImageGenerator.XXXXXXX) when PreserveTempFiles is enabled. Run texconfig-sys as root, change something, and save. It should solve the problem.<br />
<br />
[[Category:Troubleshooting]]</div>Pan Luo