Manifest - Page Scripting and Groups

Since Manifest integrates with the NetID Login System via Shibboleth, web applications can utilize scripting and HTTP headers to create dynamic pages based on group affiliation. In order to get started, your web application must first be configured to work with Shibboleth and Manifest. For more information about these preliminary steps, please review Manifest - Integrating with NetID Login Service.

Setup

Once a member of a properly configured group successfully logs into your web application, Shibboleth will set environment variables or HTTP headers which correspond to the SAML2 assertions. The header which contains Manifest group data will be set as isMemberOf and will be made up of the group IDs which were delivered when the user logged in, delimited by semicolons. An example environment variable follows:

HTTP_ISMEMBEROF => uw:domain:myapp.wisc.edu:users;uw:domain:myapp.wisc.edu:admins;

By using scripting languages such as ASP.NET, PHP, Perl, etc., you can parse these group IDs and dynamically structure your page based on group affiliation. Using this concept, you can do things like add additional controls or data displays for administrators, without having to maintain your own list of users or separate pages for these functions.

Examples

The following examples assume that you have Shibboleth and Manifest configured to work with your web application. The Manifest group used in these examples is made up of admins of the web application. The group ID appears as follows:

uw:domain:myapp.wisc.edu:admins

PHP Example

In this example we use PHP to parse the isMemberOf header into variables. We then write the rest of our page so that certain elements are displayed only to members of an administrative group maintained in Manifest.

<?php
	
echo "<h3>Test Page for Manifest</h3>";
echo "<br />";

$group_array = explode(";", $_SERVER["isMemberOf"]); // Break the groups into an array

echo "<p style='text-align: center'>Manifest groups:</p>";

foreach($group_array as $value) {
	echo $value;
	echo "<br />";
}

echo "<hr />";
echo "<br />";

If ( in_array("uw:domain:myapp.wisc.edu:admins", $group_array) ) { // If admin, do this
	$visible = true;
	echo "<p style='text-align: center'>You are an administrative user.  New, <i>super secret</i> elements will be rendered.</p>";
	echo "Click <a href='https://manifest.services.wisc.edu/User/GroupsManage.aspx' target='_blank'>HERE</a> to manage your Manifest groups.";
} else { // If not an admin, do this
	echo "<p style='text-align: center'>These aren't the droids you're looking for, move along.</p>";
}

If ($visible) { // Set above if user is an admin
	echo "<hr />";
	echo "<br />";
	
	echo "<p style='text-align: center'>HTTP Headers:</p>";
	foreach($_SERVER as $key =>  $value) { // Print the headers
		echo $key . " => " .$value;
		echo "<br />";
	}
}

?>

When a member who is part of the admin group logs in, the page will print out their group affiliation and a link to manage Manifest groups. Since we set the $visible variable in the If statement, we print out the page headers further down the page when an admin has logged in.

ASP.NET Example

In this example we use VB.NET to iterate through headers and append them to a StringBuilder called stringHolder. While performing this iteration, we check to see if the user is a member of the admins group. If so, we make the string visible.

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

Dim loop1 As Integer
Dim arr1(), arr2() As String
Dim coll As NameValueCollection
Dim stringHolder As New System.Text.StringBuilder

' Load Header collection into NameValueCollection object.
coll = Request.Headers

' Put the names of all keys into a string array.
arr1 = coll.AllKeys

' Headers
stringHolder.Append("You are an administrator.<br /><hr /><br />")
stringHolder.Append("<ul>")
For loop1 = 0 To arr1.GetUpperBound(0)
    arr2 = coll.GetValues(loop1)
    stringHolder.Append("<li>" & arr1(loop1) & ": " & Server.HtmlEncode(arr2(0)) & "</li>")

    If (arr1(loop1).ToString = "isMemberOf" And arr2(0).ToString = "uw:domain:myapp.wisc.edu:admins") Then
        ouRequest.Visible = True
        noadmin.Visible = False
    End If

Next loop1

stringHolder.Append("</ul>")
headers.InnerHtml = stringHolder.ToString()

End Sub

This is a very rudimentary example which is meant only to to output the page headers. For practical purposes it may be more beneficial to use Request.Headers("isMemberOf") to check for group affiliation. Using this check in addition to a ViewState toggle will allow for simple creation of page granularity with ASP.NET. An example of this will be added in the near future.




Keywords:manifest gams grouping netid script php asp .net aspx authorization authentication   Doc ID:32946
Owner:Drew F.Group:Middleware
Created:2013-08-22 10:46 CDTUpdated:2016-05-24 11:11 CDT
Sites:DoIT Help Desk, Middleware
Feedback:  0   0