
Open ID with Islandora and Fedora

Nigel Banks edited this page Jun 28, 2013 · 2 revisions

Drupal 7 comes with the OpenID module, which can be enabled to allow users to log in with an OpenID.

Now for the interesting bits:

To use the Fedora REST API in conjunction with OpenID I had to create a custom Drupal Filter query that would take the OpenID URL and resolve it to the user with which it is associated.

  SELECT DISTINCT u.uid AS userid, u.name AS Name, u.pass AS Pass, r.name AS Role
  FROM (users u LEFT JOIN users_roles ON u.uid=users_roles.uid
  INNER JOIN authmap ON u.uid=authmap.uid AND authmap.authname=CONCAT(?,':',?))
  LEFT JOIN role r ON r.rid=users_roles.rid;

This query takes the OpenID URL and uses it to find the proper user and their roles. Note that this doesn't replace the default query; it is an additional query.

My CURL config for testing was:

curl -u "https://www.google.com/accounts/o8/id?id={My Hash ID}" --data "test" -X POST http://dev.local:8080/fedora/objects/islandora:root/datastreams/TEXT\?controlGroup\=M\&dsLabel\=test

It worked correctly and returned the data stream. It seems odd to treat the OpenID URL as a username and password, split on ":".

Username: https

Password: //www.google.com/accounts/o8/id?id={My Hash ID}

But I've found that according to the specification and how Drupal stores the OpenID, it should always be an absolute URL and will always contain "http:" or "https:" at the beginning.

http://openid.net/specs/openid-authentication-1_1.html

The declared openid.server URL MAY contain existing query parameters and they MUST be properly preserved when appending extra query parameters. For example, not adding a second question mark if one already exists. The openid.server and openid.delegate URLs MUST be absolute URLs. Consumers MUST NOT attempt to resolve relative URLs. The openid.server and openid.delegate URLs MUST NOT include entities other than &amp;, &lt;, &gt;, and &quot;. Other characters that would not be valid in the HTML document or that cannot be represented in the document's character encoding MUST be escaped using the %xx mechanism as described in [RFC2396].
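The split described above, traced end to end as an added example (not code from the original page or from Islandora): HTTP Basic credentials are cut at the first colon only, and `CONCAT(?,':',?)` rejoins the two halves, so the reassembled URL is the only request-derived value the query checks. It assumes the filter binds username and password to the two placeholders in that order; SQLite stands in for MySQL, and the rows and the `openid.example.org` URL are constructed.

```python
import base64
import sqlite3

def basic_auth_header(userpwd):
    """Client side: what `curl -u <userpwd>` puts in the Authorization header."""
    return "Basic " + base64.b64encode(userpwd.encode()).decode()

def split_basic_credentials(header):
    """Server side: decode the header and split on the FIRST colon only."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, sep, password = base64.b64decode(token).decode().partition(":")
    if not sep:
        raise ValueError("credentials contain no colon")
    return user, password

# SQLite stand-in for the Drupal 7 tables the page's query touches (constructed rows).
SCHEMA = """
CREATE TABLE users (uid INTEGER, name TEXT, pass TEXT);
CREATE TABLE users_roles (uid INTEGER, rid INTEGER);
CREATE TABLE role (rid INTEGER, name TEXT);
CREATE TABLE authmap (uid INTEGER, authname TEXT);
INSERT INTO users VALUES (5, 'alice', '$S$constructed-hash');
INSERT INTO users_roles VALUES (5, 3);
INSERT INTO role VALUES (3, 'administrator');
INSERT INTO authmap VALUES (5, 'https://openid.example.org:8443/id?id=CONSTRUCTED');
"""

# The page's query; MySQL's CONCAT(?,':',?) is written ? || ':' || ? for SQLite.
QUERY = """
SELECT DISTINCT u.uid AS userid, u.name AS Name, u.pass AS Pass, r.name AS Role
FROM (users u LEFT JOIN users_roles ON u.uid=users_roles.uid
INNER JOIN authmap ON u.uid=authmap.uid AND authmap.authname = ? || ':' || ?)
LEFT JOIN role r ON r.rid=users_roles.rid;
"""

def demo_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def resolve_openid_user(db, header):
    """Bind (username, password) from the header to the query's two placeholders."""
    return db.execute(QUERY, split_basic_credentials(header)).fetchall()

if __name__ == "__main__":
    hdr = basic_auth_header("https://openid.example.org:8443/id?id=CONSTRUCTED")
    print(resolve_openid_user(demo_db(), hdr))
```

Because only the first colon is a separator, a URL carrying a port still round-trips intact, and ordinary `name:password` credentials never match a row in `authmap`.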

This is the SQL statement I added to the Drupal Filter /usr/local/fedora/server/config/filter-drupal.xml file.

<connection server="localhost" port="3306" dbname="drupal_default" user="drupal" password="drupal">
    <sql>
      <!--Different sql statement for each connection.  This is for drupal
          multisites that are setup using one database with table prefixes.
          We don't do this but some people might.-->
      SELECT DISTINCT u.uid AS userid, u.name AS Name, u.pass AS Pass, r.name AS Role
      FROM (users u LEFT JOIN users_roles ON u.uid=users_roles.uid
      INNER JOIN authmap ON u.uid=authmap.uid AND authmap.authname=CONCAT(?,':',?))
      LEFT JOIN role r ON r.rid=users_roles.rid;
    </sql>
</connection>
