[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Xavier Perseguers
typo3 at perseguers.ch
Tue Oct 7 14:52:40 CEST 2008
Hi Dmitry!
> This is SVN patch request.
>
> Type: feature
>
> Branches: trunk
>
> BT reference: http://bugs.typo3.org/view.php?id=9474
The extension cannot be installed in a website not located at root of
the host:
http://www.domain.tld/somewebsite/
where somewebsite is the actual root of the TYPO3 install.
Bug:
in sv1/class.tx_openid_sv1.php, function getReturnURL, you have
// In the Backend we will use dedicated script to create session.
// It is much easier for the Backend to manage users.
// Notice: 'login_status' parameter name cannot be changed!
// It is essential for BE user authentication.
$returnURL = '/typo3/sysext/' . $this->extKey .
'/class.tx_openid_return.php?login_status=login&';
and the /typo3 forces call to t3lib_div::locationHeaderUrl() at the end
to use the HOST name without taking the somewebsite directory into
account. This leads in an error on the OpenID website server side
Solution:
$absoluteSiteURL = substr(t3lib_div::getIndpEnv('TYPO3_SITE_URL'),
strlen(t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST')));
$returnURL = $absoluteSiteURL . 'typo3/sysext/' . $this->extKey .
'/class.tx_openid_return.php?login_status=login&';
With this, the authentication is performed successfuly but the redirect
once openid-authenticated is done to the hostname, not to the
somewebsite (if I manually change url to somewebsite/backend, then I'm
getting it without further authentication needed).
I do not understand yet why this happens.
--
Xavier Perseguers
http://xavier.perseguers.ch/en/tutorials/typo3.html
More information about the TYPO3-team-core
mailing list