Index: openacs-4/packages/gatekeeper/www/doc/gatekeeper-install.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/gatekeeper/www/doc/gatekeeper-install.html,v diff -u --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-4/packages/gatekeeper/www/doc/gatekeeper-install.html 14 Jan 2004 16:48:00 -0000 1.1 @@ -0,0 +1,6 @@ +Installation

Installation

+ by Joel Aufrecht +


+ OpenACS docs are written by the named authors, and may be edited + by OpenACS documentation staff. +

Gatekeeper redirects OpenACS site requests to a remote URL. Each instance of gatekeeper works for a single URL. To install:

  1. Go to http://yourserver.test/admin/applications

  2. Click "Add Application"

  3. Choose "GateKeeper" and optionally fill out the other fields, and click OK. If gatekeeper doesn't appear on the list, go to http://yourserver.test/acs-admin/install to install it and then resume this process

  4. You should now see an "Applications" page with a list of applications including your new gatekeeper. Click Parameters for your new package.

  5. Enter the remote URL as GuardUrl.

View comments on this page at openacs.org
Index: openacs-4/packages/gatekeeper/www/doc/index.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/gatekeeper/www/doc/index.html,v diff -u -r1.1 -r1.2 --- openacs-4/packages/gatekeeper/www/doc/index.html 20 Apr 2001 20:51:11 -0000 1.1 +++ openacs-4/packages/gatekeeper/www/doc/index.html 14 Jan 2004 16:48:00 -0000 1.2 @@ -1,28 +1 @@ - - -Gatekeeper Documentation - - - -

Gatekeeper Documentation

- -

- -

- -
- - - -
- -
jbank@arsdigita.com
-
Last Modified: $Date$
- - - +Gatekeeper

Gatekeeper


Table of Contents

Installation
Requirements
View comments on this page at openacs.org
Index: openacs-4/packages/gatekeeper/www/doc/requirements.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/gatekeeper/www/doc/requirements.html,v diff -u -r1.1 -r1.2 --- openacs-4/packages/gatekeeper/www/doc/requirements.html 20 Apr 2001 20:51:11 -0000 1.1 +++ openacs-4/packages/gatekeeper/www/doc/requirements.html 14 Jan 2004 16:48:00 -0000 1.2 @@ -1,163 +1,152 @@ - - - - Gatekeeper Package Requirements - +Requirements

Requirements

by Joseph Bank, + Joel Aufrecht


+ OpenACS docs are written by the named authors, and may be edited + by OpenACS documentation staff. +

Introduction

Gatekeeper allows an OpenACS installation to provide users + authenticated access to other web sites. This is particularly + useful for dealing with "mounting" another legacy website on our + own site, while adding a security layer. We can then only allow + access to the legacy website from the main ACS server.

System/Application Overview

Gatekeeper provides an application for managing seamless + remote viewing of other web pages with optional security layers. + It consists of the following components: +

  • A web interface for retrieving foreign urls.

  • An API for adding security restrictions.

Use-cases and User Scenarios

  • Jane Webmaster wants to build an ACS site that provides paid + access to a currently existing web site. This other site uses + significantly different technology, so full integration would + require a great deal of effort.

    1. Jane creates an instance of the gatekeeper package which points to the existing site.

    2. She sets up a security restriction for the gatekeeper instance using + ACS permissions by only allowing read access for a newly created + user group.

    3. She modifies the ACS Ecommerce system to insert and remove users from the new user group based on their subscription payments.

    4. She modifies the existing site to only serve requests from her ACS server's IP address.

  • +--------------------------------------------
    +Use case
    +--------------------------------------------
     
    -  
    -    

    Gatekeeper Package Requirements

    - by Joseph Bank -
    +Integration of an external web mail client: Squirrelmail (PHP-based) and +IMAP-Server. - This is a DRAFT +Administrator +-------------------------------------------- +The institution has to have an IMAP server up and running. OpenACS must +be installed using the external authentication via pam-imap/ldap/passwd +(etc.) to authenticate and synchronize openacs users. -

    I. Introduction

    +The administrator has to have a webmail client like IMP or Squirrelmail +installed on Apache+PHP. The AOLServer has to have access to Apache for +instance over localhost. -

    The Gatekeeper module is intended to allow an ACS installation to act - as a simple gate keeper for another web site. This is particularly useful - for dealing with "mounting" another legacy website on our own site, while - adding a security layer. We can then only allow access to the legacy website - from the main ACS server. +The administrator has sucessfully installed the external authentication +package using pam. -

    II. Vision Statement

    +The administrator has to do the following to integrate the external +webmail client squirrelmail using the gatekeeper. -

    -

    +1. Create a new Gatekeeper Instance: Name: Squirrelmail +2. Indicate the required parameters for the gatekeeper instance: +- URL to guard: +http://localhost/squirrel/ +- Gatekeeper Type: -

    III. System/Application Overview

    - -

    - The ACS gatekeeper package provides an application for managing seamless - remote viewing of other web pages with optional security layers. -

    +requires external authentication +- Path to an optional header/footer template +/www/service0/packages/dotlrn/dotlrn-master.adp +- Name of the authority used (local, pam, ldap...) or database table +with account informations: +pam +- used login form input field: +login_username +- used password form input field: +secretkey +- logout/sign-out path: +http:/localhost/squirrel/src/signout.php +- request method: +post +- form action: +http:/localhost/squirrel/redirect.php +- where to add the startpage of the webmail in openacs: +/dotlrn/?&page-num=3 -

    - The package consists of the following components: -

    +The timeout of squirrelmail has to be set to a higher value than that of +OpenACS to make sure that the webmail session is valid as long as the +OpenACS session is valid. -
      -
    • A web interface for retrieving foreign urls. -
    • An API for adding security restrictions. -
    -

    IV. Use-cases and User Scenarios

    +Gatekeeper +-------------------------------------------- +The Gatekeeper Instance registers itself for auto logon on to that +authority. Thus after a sucessful login the login information is also +used to login to the webmail client and the cookies are forwarded to the +users browser. Thus the authentication package has to be extended for +post-login and logout procedure-calls. On request the gatekeeper checks +the content type (html, xhtml, compressed or not, usage of frames or +not) and rewrites the links apropriately. As soon as the user logs out +the webmail client is also logged out. -

    -

      -
    • Jane Webmaster wants to build an ACS site that provides paid - access to a currently existing web site. This other site uses - significantly different technology, so full integration would - require a great deal of effort. Instead, Jane creates an instance - of the gatekeeper package which points to the existing site. She - sets up a security restriction for the gatekeeper instance using - ACS permissions by only allowing read access for a newly created - user group. She then modifies the ACS Ecommerce system to insert - and remove users from the new user group based on their - subscription payments. Finally, she modifies the existing site to - only serve requests from her ACS server's IP address. -
    +User +-------------------------------------------- +The user simply logs into the system once and is served a link where he +can access the webmail-client. In this case over My Space-->My Mails as +Page three under dotLRN. The documentation of the webmail client has to -

    V. Related Links

    +be made accessible to the user. - Lots of other web sites do related things. For example, anonymizer sites allow - you to surf the web while doing seamless translation of the page. - +The current Gatekeeper has to be improved by the following: +- allow usage of templates (done already) +- allow xml, xhtml +- allow compressed data +- auto-check of frames --> if frames are used then the template is +useless or the frame has to be embedded inside another frameset. +- cookies forwarding for external application (not sure if that already +exists) +Restrictions +-------------------------------------------- +- Different locale between OpenACS and Webmail +- Different designs (depending on the webmail client this can be changed +via templates). +- no true integration into MySpace possible to notify user that she/he +has new unread emails. +
  • +--------------------------------------------
    +Other Use-Case:
    +--------------------------------------------
    +Integration of PHPWiki (xhtml) via Gatekeeper and LDAP/PAM/SQL...
     
    -    

    VI.A Requirements

    - -

    10.0 Seamless Viewing -

    -

    - The gatekeeper should provide seamless viewing of url's. This means - that the URL's should look like they belong to the ACS site, not the - original site. -

    - -

    20.0 Restricted Browsing -

    -

    - A given instance of the gatekeeper package should only provide access +Username Inputfield: auth[userid] +Password Inputfield: auth[passwd] +Form action: HomePage?action=browse +For OpenACS-Authority: PAM +PHPWiki can use many different types of authentication: LDAP, IMAP, +PASSWD, DB,... +

Related Links

Lots of other web sites do related things. For example, anonymizer sites allow + you to surf the web while doing seamless translation of the page.

Functional Requirements

Req #PriorityStatus in 5.0Description
10.0A?Seamless + Viewing. The gatekeeper should provide seamless viewing of URLs. This means + that the URLs should look like they belong to the ACS site, not the + original site.

Does this refer to web pages or to URL? Ie, does this mean that "user can click on a link and see (password-protected) web pages from a remote site, within the OpenACS site's look and feel," or does it mean, "user can click URLs that look like http://myopenacssite.test/foo/bar"?

20.0A?Restricted Browsing. +A given instance of the gatekeeper package should only provide access to a single site. The user must not be able to modify the URL so that arbitrary sites can be retrieved through the server. -

- -

30.0 Link Translation -

-

- All links from the gatekeeper page to the given site should be +

30.0A?Link Translation. + All links from the gatekeeper page to the given site should be translated to use the gatekeeper. -

- -

40.0 User Tracking -

-

- The ability to track all pages viewed via the gatekeeper should exist. -

- -

50.0 Flexible Restrictions -

-
-

50.1 ACS Permissions -

-

+

40.0A?User Tracking. +The ability to track all pages viewed via the gatekeeper should exist.

50.0 Flexible Restrictions +

50.1 ACS Permissions +

The gatekeeper package should support standard ACS permissioning. Access can thus be limited by setting up limited read access to an instance of the gatekeeper package. -

-

50.2 Callbacks -

-

+

50.2 Callbacks +

The gatekeepers should be provide access control via registered callbacks. -

-
- -

60.0 Full HTTP Support -

-

+

60.0 Full HTTP Support +

The gatekeeper should support the entire HTTP specification. -

-

60.1 POST Support -

-

+

60.1 POST Support +

POST form submission must be supported. -

-

60.2 Non-HTML Pages -

-

+

60.2 Non-HTML Pages +

Retrieval of non-HTML pages, such as GIFs and JPEGs, must be supported. -

-

60.3 Cookie Support -

-

+

60.3 Cookie Support +

The system should have the ability to store and respond with cookies sent from the guarded site. -

-
-

- - -

VII. Revision History

- - - - - - - - - - - - - - - -
Document Revision #Action Taken, NotesWhen?By Whom?
0.1Creation11/23/2000Joseph Bank
- -
-
-Last modified: $Id$ - - +

+

Revision History

Document Revision #Action Taken, NotesWhen?By Whom?
1Creation23 Nov 2000Joseph Bank
2Revised to add Nima Mazloumi's use case.13 Jan 2004Joel Aufrecht
View comments on this page at openacs.org
Index: openacs-4/packages/gatekeeper/www/doc/xml/Makefile =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/gatekeeper/www/doc/xml/Makefile,v diff -u --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-4/packages/gatekeeper/www/doc/xml/Makefile 14 Jan 2004 16:48:00 -0000 1.1 @@ -0,0 +1,21 @@ +# A very simple Makefile to generate the HTML docs +# @author Vinod Kurup (vinod@kurup.com) +# @author Modified by Roberto Mello (rmello@fslc.usu.edu) +# @author Joel Aufrecht +# +# @creation-date 2002-08-10 +# @modified-date 2002-09-21 +# @modified-date 2003-10-08 +# +# Simplified version of acs-core-docs makefile, intended for generating +# documentation from standard location /www/doc/xml in +# OpenACS packages +# + +# Paths +XSLTPROC=/usr/bin/xsltproc +HTMLDOC=/usr/bin/htmldoc + +all: + + cd .. ; $(XSLTPROC) --nonet --novalid --xinclude ../../../acs-core-docs/www/xml/openacs.xsl xml/index.xml \ No newline at end of file Index: openacs-4/packages/gatekeeper/www/doc/xml/index.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/gatekeeper/www/doc/xml/index.xml,v diff -u --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-4/packages/gatekeeper/www/doc/xml/index.xml 14 Jan 2004 16:48:00 -0000 1.1 @@ -0,0 +1,15 @@ + + +]> + +
+ Gatekeeper + + Section Missing + + + Section Missing + +
Index: openacs-4/packages/gatekeeper/www/doc/xml/install.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/gatekeeper/www/doc/xml/install.xml,v diff -u --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-4/packages/gatekeeper/www/doc/xml/install.xml 14 Jan 2004 16:48:00 -0000 1.1 @@ -0,0 +1,33 @@ + + + + + Installation + + + + by Joel Aufrecht + + + Gatekeeper redirects OpenACS site requests to a remote URL. Each instance of gatekeeper works for a single URL. To install: + + + Go to http://yourserver.test/admin/applications + + + Click "Add Application" + + + Choose "GateKeeper" and optionally fill out the other fields, and click OK. If gatekeeper doesn't appear on the list, go to http://yourserver.test/acs-admin/install to install it and then resume this process + + + You should now see an "Applications" page with a list of applications including your new gatekeeper. Click Parameters for your new package. + + + Enter the remote URL as GuardUrl. + + + + Index: openacs-4/packages/gatekeeper/www/doc/xml/requirements.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/gatekeeper/www/doc/xml/requirements.xml,v diff -u --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-4/packages/gatekeeper/www/doc/xml/requirements.xml 14 Jan 2004 16:48:00 -0000 1.1 @@ -0,0 +1,325 @@ + + + + Requirements + + by Joseph Bank, + Joel Aufrecht + + + + Introduction + Gatekeeper allows an OpenACS installation to provide users + authenticated access to other web sites. This is particularly + useful for dealing with "mounting" another legacy website on our + own site, while adding a security layer. We can then only allow + access to the legacy website from the main ACS server. + + + + System/Application Overview + + Gatekeeper provides an application for managing seamless + remote viewing of other web pages with optional security layers. + It consists of the following components: + + + + A web interface for retrieving foreign urls. + + An API for adding security restrictions. + + + + + + Use-cases and User Scenarios + + + Jane Webmaster wants to build an ACS site that provides paid + access to a currently existing web site. This other site uses + significantly different technology, so full integration would + require a great deal of effort. + + Jane creates an instance of the gatekeeper package which points to the existing site. + + + She sets up a security restriction for the gatekeeper instance using + ACS permissions by only allowing read access for a newly created + user group. + + She modifies the ACS Ecommerce system to insert and remove users from the new user group based on their subscription payments. + + She modifies the existing site to only serve requests from her ACS server's IP address. + + + + + +-------------------------------------------- +Use case +-------------------------------------------- + +Integration of an external web mail client: Squirrelmail (PHP-based) and +IMAP-Server. + +Administrator +-------------------------------------------- +The institution has to have an IMAP server up and running. OpenACS must +be installed using the external authentication via pam-imap/ldap/passwd +(etc.) to authenticate and synchronize openacs users. + +The administrator has to have a webmail client like IMP or Squirrelmail +installed on Apache+PHP. The AOLServer has to have access to Apache for +instance over localhost. + +The administrator has sucessfully installed the external authentication +package using pam. + +The administrator has to do the following to integrate the external +webmail client squirrelmail using the gatekeeper. + +1. Create a new Gatekeeper Instance: Name: Squirrelmail +2. Indicate the required parameters for the gatekeeper instance: +- URL to guard: +http://localhost/squirrel/ +- Gatekeeper Type: + +requires external authentication +- Path to an optional header/footer template +/www/service0/packages/dotlrn/dotlrn-master.adp +- Name of the authority used (local, pam, ldap...) or database table +with account informations: +pam +- used login form input field: +login_username +- used password form input field: +secretkey +- logout/sign-out path: +http:/localhost/squirrel/src/signout.php +- request method: +post +- form action: +http:/localhost/squirrel/redirect.php +- where to add the startpage of the webmail in openacs: +/dotlrn/?&page-num=3 + +The timeout of squirrelmail has to be set to a higher value than that of +OpenACS to make sure that the webmail session is valid as long as the +OpenACS session is valid. + + +Gatekeeper +-------------------------------------------- +The Gatekeeper Instance registers itself for auto logon on to that +authority. Thus after a sucessful login the login information is also +used to login to the webmail client and the cookies are forwarded to the +users browser. Thus the authentication package has to be extended for +post-login and logout procedure-calls. On request the gatekeeper checks +the content type (html, xhtml, compressed or not, usage of frames or +not) and rewrites the links apropriately. As soon as the user logs out +the webmail client is also logged out. + +User +-------------------------------------------- +The user simply logs into the system once and is served a link where he +can access the webmail-client. In this case over My Space-->My Mails as +Page three under dotLRN. The documentation of the webmail client has to + +be made accessible to the user. + +The current Gatekeeper has to be improved by the following: +- allow usage of templates (done already) +- allow xml, xhtml +- allow compressed data +- auto-check of frames --> if frames are used then the template is +useless or the frame has to be embedded inside another frameset. +- cookies forwarding for external application (not sure if that already +exists) + +Restrictions +-------------------------------------------- +- Different locale between OpenACS and Webmail +- Different designs (depending on the webmail client this can be changed +via templates). +- no true integration into MySpace possible to notify user that she/he +has new unread emails. + + + + +-------------------------------------------- +Other Use-Case: +-------------------------------------------- +Integration of PHPWiki (xhtml) via Gatekeeper and LDAP/PAM/SQL... + +Username Inputfield: auth[userid] +Password Inputfield: auth[passwd] +Form action: HomePage?action=browse +For OpenACS-Authority: PAM +PHPWiki can use many different types of authentication: LDAP, IMAP, +PASSWD, DB,... + + + + + + Related Links + + Lots of other web sites do related things. For example, anonymizer sites allow + you to surf the web while doing seamless translation of the page. + + Anonymizer Site + + + + + Functional Requirements + + + + + + Req # + Priority + Status in 5.0 + Description + + + + + 10.0 + A + ? + Seamless + Viewing. The gatekeeper should provide seamless viewing of URLs. This means + that the URLs should look like they belong to the ACS site, not the + original site. + + + + + Does this refer to web pages or to URL? Ie, does this mean that "user can click on a link and see (password-protected) web pages from a remote site, within the OpenACS site's look and feel," or does it mean, "user can click URLs that look like http://myopenacssite.test/foo/bar"? + + + + + 20.0 + A + ? + Restricted Browsing. +A given instance of the gatekeeper package should only provide access + to a single site. The user must not be able to modify the URL so that + arbitrary sites can be retrieved through the server. + + + + + + + + + + + + 30.0 + A + ? + Link Translation. + All links from the gatekeeper page to the given site should be + translated to use the gatekeeper. + + + + + + + + + + + 40.0 + A + ? + User Tracking. +The ability to track all pages viewed via the gatekeeper should exist. + + + + + + 50.0 Flexible Restrictions + +
+ 50.1 ACS Permissions + + + The gatekeeper package should support standard ACS permissioning. Access can thus + be limited by setting up limited read access to an instance of the gatekeeper package. + + 50.2 Callbacks + + + The gatekeepers should be provide access control via registered callbacks. + +
+ + 60.0 Full HTTP Support + + + The gatekeeper should support the entire HTTP specification. +
+ 60.1 POST Support + + + POST form submission must be supported. + + 60.2 Non-HTML Pages + + + Retrieval of non-HTML pages, such as GIFs and JPEGs, must be supported. + + 60.3 Cookie Support + + + The system should have the ability to store and respond with cookies sent + from the guarded site. + +
+
+ + +
+ + Revision History + + + + + Document Revision # + Action Taken, Notes + When? + By Whom? + + + + + 1 + Creation + 23 Nov 2000 + Joseph Bank + + + + 2 + Revised to add Nima Mazloumi's use case. + 13 Jan 2004 + Joel Aufrecht + + + + + +
\ No newline at end of file