Manifest - Page Scripting and Groups

Since Manifest integrates with the NetID Login System via Shibboleth, web applications can utilize scripting and HTTP headers to create dynamic pages based on group affiliation. In order to get started, your web application must first be configured to work with Shibboleth and Manifest. For more information about these preliminary steps, please review Manifest - Integrating with NetID Login Service.

Setup

Once a member of a properly configured group successfully logs into your web application, Shibboleth will set environment variables or HTTP headers which correspond to the SAML2 assertions. The header which contains Manifest group data will be set as isMemberOf and will be made up of the group IDs which were delivered when the user logged in, delimited by semicolons. An example environment variable follows:

HTTP_ISMEMBEROF => uw:domain:myapp.wisc.edu:users;uw:domain:myapp.wisc.edu:admins;

By using scripting languages such as ASP.NET, PHP, Perl, etc., you can parse these group IDs and dynamically structure your page based on group affiliation. Using this concept, you can do things like add additional controls or data displays for administrators, without having to maintain your own list of users or separate pages for these functions.

Examples

The following examples assume that you have Shibboleth and Manifest configured to work with your web application. The Manifest group used in these examples is made up of admins of the web application. The group ID appears as follows:

uw:domain:myapp.wisc.edu:admins

PHP Example

In this example we use PHP to parse the isMemberOf header into variables. We then write the rest of our page so that certain elements are displayed only to members of an administrative group maintained in Manifest.

<?php

echo "<h3>Test Page for Manifest</h3>";
echo "<br />";

// Break the groups into an array; the trailing semicolon leaves an empty entry, so drop it
$group_array = array_filter(explode(";", $_SERVER["isMemberOf"] ?? ""), "strlen");
$visible = false; // Stays false unless the user is an admin

echo "<p style='text-align: center'>Manifest groups:</p>";

foreach ($group_array as $value) {
	echo htmlspecialchars($value); // Encode values before writing them into the page
	echo "<br />";
}

echo "<hr />";
echo "<br />";

if (in_array("uw:domain:myapp.wisc.edu:admins", $group_array, true)) { // If admin, do this
	$visible = true;
	echo "<p style='text-align: center'>You are an administrative user.  New, <i>super secret</i> elements will be rendered.</p>";
	echo "Click <a href='https://manifest.services.wisc.edu/User/GroupsManage.aspx' target='_blank'>HERE</a> to manage your Manifest groups.";
} else { // If not an admin, do this
	echo "<p style='text-align: center'>These aren't the droids you're looking for, move along.</p>";
}

if ($visible) { // Set above if user is an admin
	echo "<hr />";
	echo "<br />";

	echo "<p style='text-align: center'>HTTP Headers:</p>";
	foreach ($_SERVER as $key => $value) { // Print the headers
		// Some $_SERVER entries (e.g. argv) are arrays; flatten and encode before output
		echo htmlspecialchars($key . " => " . (is_array($value) ? implode(" ", $value) : $value));
		echo "<br />";
	}
}

?>

When a member who is part of the admin group logs in, the page will print out their group affiliation and a link to manage Manifest groups. Since we set the $visible variable in the If statement, we print out the page headers further down the page when an admin has logged in.
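
The same membership check as a reusable helper, written as an added example that is not part of the original page. The function names manifest_groups and in_manifest_group are hypothetical, and the sample values (including the look-alike ID ending in admins-audit) are constructed for illustration.

```php
<?php
// Added example, not from the original page. Function names are hypothetical.

/**
 * Return the Manifest group IDs delivered by Shibboleth as a clean list.
 * $server is normally $_SERVER; passing it in keeps the function testable.
 */
function manifest_groups(array $server): array
{
    // Shibboleth may expose the attribute as an environment variable
    // (isMemberOf) or as a request header (HTTP_ISMEMBEROF).
    $raw = $server['isMemberOf'] ?? $server['HTTP_ISMEMBEROF'] ?? '';
    if (!is_string($raw)) {
        return [];
    }
    // The value ends with a semicolon, so explode() yields an empty last
    // element; trim each ID and drop the empties.
    $groups = array_filter(array_map('trim', explode(';', $raw)), 'strlen');
    return array_values(array_unique($groups));
}

function in_manifest_group(array $server, string $groupId): bool
{
    // Strict whole-ID comparison: a substring test would also accept
    // longer IDs that merely begin with the admin group ID.
    return in_array($groupId, manifest_groups($server), true);
}

// Constructed sample inputs standing in for $_SERVER.
$admin = 'uw:domain:myapp.wisc.edu:admins';
$samples = [
    'admin and user'   => ['isMemberOf' => 'uw:domain:myapp.wisc.edu:users;uw:domain:myapp.wisc.edu:admins;'],
    'user only'        => ['HTTP_ISMEMBEROF' => 'uw:domain:myapp.wisc.edu:users;'],
    'look-alike ID'    => ['isMemberOf' => 'uw:domain:myapp.wisc.edu:admins-audit;'],
    'attribute absent' => [],
];

foreach ($samples as $label => $server) {
    $result = in_manifest_group($server, $admin) ? 'admin' : 'not admin';
    printf("%-18s %s\n", $label, $result);
}
```

Call in_manifest_group($_SERVER, ...) in every handler that performs an administrative action, not only where the page decides which elements to render.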

ASP.NET Example

In this example we use VB.NET to iterate through headers and append them to a StringBuilder called stringHolder. While performing this iteration, we check to see if the user is a member of the admins group. If so, we make the string visible.

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

Dim loop1 As Integer
Dim arr1(), arr2() As String
Dim coll As NameValueCollection
Dim stringHolder As New System.Text.StringBuilder

' Load Header collection into NameValueCollection object.
coll = Request.Headers

' Put the names of all keys into a string array.
arr1 = coll.AllKeys

' Headers
stringHolder.Append("You are an administrator.<br /><hr /><br />")
stringHolder.Append("<ul>")
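For loop1 = 0 To arr1.GetUpperBound(0)
    arr2 = coll.GetValues(loop1)
    stringHolder.Append("<li>" & Server.HtmlEncode(arr1(loop1)) & ": " & Server.HtmlEncode(arr2(0)) & "</li>")

    ' The header holds every group ID, delimited by semicolons, so test each ID rather than the whole value
    If (String.Equals(arr1(loop1), "isMemberOf", StringComparison.OrdinalIgnoreCase) AndAlso Array.IndexOf(arr2(0).Split(";"c), "uw:domain:myapp.wisc.edu:admins") >= 0) Then
        ouRequest.Visible = True
        noadmin.Visible = False
    End If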

Next loop1

stringHolder.Append("</ul>")
headers.InnerHtml = stringHolder.ToString()

End Sub

This is a very rudimentary example which is meant only to output the page headers. For practical purposes it may be more beneficial to use Request.Headers("isMemberOf") to check for group affiliation. Using this check in addition to a ViewState toggle will allow for simple creation of page granularity with ASP.NET. An example of this will be added in the near future.

Keywords: manifest gams grouping netid script php asp .net aspx authorization authentication
Doc ID: 32946
Owned by: MST Support in Identity and Access Management
Created: 2013-08-22
Updated: 2022-05-25
Sites: DoIT Help Desk, Identity and Access Management