CGIPARSE(8) DACS Web Services and CGI CGIPARSE(8)

NAME

cgiparse — CGI argument parsing utility

SYNOPSIS

cgiparse [mode] [-enc { none | url | mime | dacs }] [-in filename] [-d] [-nonewline]
[-qs query-string] [-copy filename] [[-n name filename]...]

DESCRIPTION

This program is part of the DACS suite. It is a stand-alone program that neither accepts the usual DACS command e2.2/; </rule> </acl_rule>

The preceding configuration results in the following behaviour. An unauthenticated user accessing foo.html (https://example.com/foo.html) is denied access because the rule governing that web page tests for authentication and no credentials are sent with the request. As a result, the ACS_ERROR_HANDLER directive causes the user to be redirected to dacs_autologin_ssl, which redirects the user to dacs_authenticate, passing arguments as necessary.

dacs_authenticate then invokes local_cert_authenticate, passing it the client's certificate. The certificate is validated and a username is extracted from it and mapped to a valid DACS username.

If authentication succeeds, DACS credentials for the jurisdiction EXAMPLE are generated. These credentials are returned to the browser within a cookie and the browser is redirected to the value of DACS_ERROR_URL (recall that DACS_ERROR_URL was passed to dacs_autologin_ssl by dacs_acs when the 902 handler was invoked and was forwarded to dacs_authenticate). In this example the user is redirected to https://example.com/foo.html. Given the rule above, this time the user's request for foo.html will be granted.

dacs_autologin_ssl may also be used as the target of an explicit authentication link. For example: 

<a href="https://example.com/cgi-bin/dacs/dacs_autologin_ssl?\
AUTH_JURISDICTION=EXAMPLE&\
DACS_ERROR_URL=https://example.com/cgi-bin/dacs/dacs_current_credentials">Login</a>

Following the link should result in the user being authenticated and redirected to the specified URL.

DIAGNOSTICS

The program exits 0 if everything was fine, 1 if an error occurred.

SEE ALSO

dacs_authenticate(8), dacs_acs(8), dacs.conf(5), autologin(8)

AUTHOR

Distributed Systems Software (www.dss.ca)

COPYING

Copyright 2003-2012 Distributed Systems Software. See the LICENSE file that accompanies the distribution for licensing information.

DACS Version 1.4.27b 22-Okt-2012 DACS_AUTOLOGIN_SSL(8)

Table of Contents
Font:
 −− Set ++

$Id: dacs_autologin_ssl.8.xml 2563 2012-02-07 22:40:41Z brachman $
./usr/share/doc/dacs-examples/dacs/man/dacs_mex.8.html0000644000000000000000000001506312041241575021431 0ustar rootroot dacs_mex
DACS_MEX(8) DACS Web Services and CGI DACS_MEX(8)

NAME

dacs_mex — WS-MetadataExchange responder for Information Cards

SYNOPSIS

dacs_mex [dacsoptions]

DESCRIPTION

This program is part of the DACS suite.

The dacs_mex web service is the WS-MetadataExchange responder for DACS's managed Information Cards.

Refer to dacs_infocard(8) and dacs_managed_infocard(8) for additional information.

OPTIONS

Web Service Arguments

dacs_mex understands the following CGI arguments:

AUTHTYPE

This argument identifies the authentication credential type required by the IP/STS. The following values are understood:

  • PASSWD

    The UsernamePasswordCredential authentication credential type is required.

  • CERT

    The X509V3Credential authentication credential type is required.

  • CARD

    The SelfIssuedCredential authentication credential type is required.

DIAGNOSTICS

The program exits 0 if everything was fine, 1 if an error occurred.

BUGS

As this is a relatively new and complicated feature, please test carefully.

SEE ALSO

dacsinfocard(1), dacs.conf(5), dacs_authenticate(8), dacs_sts(8), Using InfoCards With DACS

AUTHOR

Distributed Systems Software (www.dss.ca)

COPYING

Copyright 2003-2012 Distributed Systems Software. See the LICENSE file that accompanies the distribution for licensing information.

DACS Version 1.4.27b 22-Okt-2012 DACS_MEX(8)

Table of Contents
Font:
 −− Set