AuthorizationService

From OpenSimulator

(Difference between revisions)
Jump to: navigation, search
m (Fix orphelines)
 
(7 intermediate revisions by 5 users not shown)
Line 1: Line 1:
The Authorization service is currently just a skeleton to be later expanded, however in grid mode it can be used to communicate an external authorization service.
+
{{Quicklinks}}
  
 +
The Authorization service is currently just a skeleton to be later expanded, however in grid mode it can be used to communicate an external authorization service.
  
 
== Configuration ==
 
== Configuration ==
Line 8: Line 9:
  
 
add a section such as the following, altering the URI to point to your authorization server
 
add a section such as the following, altering the URI to point to your authorization server
<code>
+
<source lang=ini>
 
     [AuthorizationService]
 
     [AuthorizationService]
 
     ;
 
     ;
Line 14: Line 15:
 
     ;
 
     ;
 
     AuthorizationServerURI = "http://localhost/auth.php"
 
     AuthorizationServerURI = "http://localhost/auth.php"
</code>
+
</source>
 
+
  
 
== Message Formats ==
 
== Message Formats ==
Line 45: Line 45:
 
     </AuthorizationResponse>
 
     </AuthorizationResponse>
 
</source>
 
</source>
 
  
 
The '''IsAuthorized''' element must contain either the string '''true''' or the string '''false'''. The '''Message''' element can contain any string, at the moment this message
 
The '''IsAuthorized''' element must contain either the string '''true''' or the string '''false'''. The '''Message''' element can contain any string, at the moment this message
will only be shown on the OpenSim region console.
+
will only be shown on the OpenSimulator region console.
  
 
== Example PHP ==
 
== Example PHP ==
 
A basic php example for parsing the Authorization XML and responding.
 
A basic php example for parsing the Authorization XML and responding.
 
 
<source lang=php>
 
<source lang=php>
    <?php
+
<?php
       
+
class AuthorizationResponse
     class AuthorizationResponse
+
{
 +
     private $m_isAuthorized;
 +
    private $m_message;
 +
 
 +
    public function AuthorizationResponse($isAuthorized,$message)
 
     {
 
     {
    private $m_isAuthorized;
+
        $this->m_isAuthorized = $isAuthorized;
    private $m_message;
+
        $this->m_message = $message;
   
+
    public function AuthorizationResponse($isAuthorized,$message)
+
    {
+
    $this->m_isAuthorized = $isAuthorized;
+
    $this->m_message = $message;
+
    }
+
   
+
    public function toXML()
+
    {
+
    return '<?xml version="1.0" encoding="utf-8"?><AuthorizationResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><IsAuthorized>'. $this->m_isAuthorized .'</IsAuthorized><Message>'. $this->m_message .'</Message></AuthorizationResponse>';
+
   
+
    }
+
 
     }
 
     }
   
+
 
     class AuthorizationRequest
+
     public function toXML()
 
     {
 
     {
    private $m_isAuthorized;
+
        return '<?xml version="1.0" encoding="utf-8"?><AuthorizationResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><IsAuthorized>'. $this->m_isAuthorized .'</IsAuthorized><Message>'. $this->m_message .'</Message></AuthorizationResponse>';
    private $m_message;   
+
    public $ID;
+
    public $FirstName;
+
    public $SurName;
+
    public $Email;
+
    public $RegionName;
+
    public $RegionID;   
+
   
+
    public function parseRequest($request)
+
    {
+
    $reader = new XMLReader();
+
  
                $reader->XML($request);
 
while ($reader->read())
 
{
 
      if ($reader->nodeType == XMLReader::ELEMENT)
 
      {
 
      switch($reader->name)
 
      {
 
      case 'AuthorizationRequest':
 
      //$log->write("AuthorizationRequest element");
 
      break;
 
      case 'ID':
 
      $reader->read();
 
      $this->ID = $reader->value;
 
      break;
 
      case 'FirstName':
 
      $reader->read();
 
      $this->FirstName = $reader->value;
 
      break;
 
      case 'SurName':
 
      $reader->read();
 
      $this->SurName = $reader->value;
 
      break;
 
      case 'Email':
 
      $reader->read();
 
      $this->Email = $reader->value;
 
      break;
 
      case 'RegionName':
 
      $reader->read();
 
      $this->RegionName = $reader->value;
 
      break;
 
      case 'RegionID':
 
      $reader->read();
 
      $this->RegionID = $reader->value;
 
      break;
 
      }
 
     
 
      }
 
     
 
}
 
    }
 
   
 
 
     }
 
     }
   
+
}
   
+
    $request = @file_get_contents('php://input');
+
  
     $authReq = new AuthorizationRequest();
+
class AuthorizationRequest
     $authReq->parseRequest($request);
+
{
 +
     private $m_isAuthorized;
 +
     private $m_message;   
 +
    public $ID;
 +
    public $FirstName;
 +
    public $SurName;
 +
    public $Email;
 +
    public $RegionName;
 +
    public $RegionID;  
  
     $authResp = new AuthorizationResponse("true","You are authorized");
+
     public function parseRequest($request)
    echo $authResp->toXML();
+
    {
 +
        $reader = new XMLReader();
 +
        $reader->XML($request);
 +
 
 +
        while ($reader->read())
 +
        {
 +
            if ($reader->nodeType == XMLReader::ELEMENT)
 +
            {
 +
                switch($reader->name)
 +
                {
 +
                    case 'AuthorizationRequest':
 +
                    // $log->write("AuthorizationRequest element");
 +
                    break;
 +
                    case 'ID':
 +
                        $reader->read();
 +
                        $this->ID = $reader->value;
 +
                    break;
 +
                    case 'FirstName':
 +
                        $reader->read();
 +
                        $this->FirstName = $reader->value;
 +
                    break;
 +
                    case 'SurName':
 +
                        $reader->read();
 +
                        $this->SurName = $reader->value;
 +
                    break;
 +
                    case 'Email':
 +
                        $reader->read();
 +
                        $this->Email = $reader->value;
 +
                    break;
 +
                    case 'RegionName':
 +
                        $reader->read();
 +
                        $this->RegionName = $reader->value;
 +
                    break;
 +
                    case 'RegionID':
 +
                        $reader->read();
 +
                        $this->RegionID = $reader->value;
 +
                    break;
 +
                }
 +
            }
 +
        }
 +
    }
 +
}
  
    ?>
+
$request = @file_get_contents('php://input');
 +
$authReq = new AuthorizationRequest();
 +
$authReq->parseRequest($request);
 +
$authResp = new AuthorizationResponse("true", "You are authorized");
 +
echo $authResp->toXML();
 +
?>
 
</source>
 
</source>

Latest revision as of 08:19, 19 October 2020

The Authorization service is currently just a skeleton to be later expanded, however in grid mode it can be used to communicate an external authorization service.

[edit] Configuration

To point your region at an external Authorization service edit the file

bin/config-include/GridCommon.ini

add a section such as the following, altering the URI to point to your authorization server

[AuthorizationService]
    ;
    ; change this to your grid-wide authorization server
    ;
    AuthorizationServerURI = "http://localhost/auth.php"

[edit] Message Formats

When a user attempts to enter a region an HTTP POST will be made to the AuthorizationServerURI you specified in the config. The body of the POST will be an XML serialized AuthorizationRequest object.

Example

<?xml version="1.0" encoding="utf-8"?>
    <AuthorizationRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <ID>decc5198-9de2-11de-be89-00145eecaa9a</ID>
        <FirstName>Rob</FirstName>
        <SurName>Smart</SurName>
        <Email>user@host.com</Email>
        <RegionName>test region</RegionName>
        <RegionID>e276e142-a099-4d6d-8f2d-0aad91ede958</RegionID>
    </AuthorizationRequest>

The authorization service needs to respond with an XML message that matches an XML serialized AuthorizationResponse object.

Example

<?xml version="1.0" encoding="utf-8"?>
    <AuthorizationResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <IsAuthorized>true</IsAuthorized>
        <Message>Rob Smart has been authorized for the region test region.</Message>
    </AuthorizationResponse>

The IsAuthorized element must contain either the string true or the string false. The Message element can contain any string, at the moment this message will only be shown on the OpenSimulator region console.

[edit] Example PHP

A basic php example for parsing the Authorization XML and responding.

<?php
class AuthorizationResponse
{
    private $m_isAuthorized;
    private $m_message;
 
    public function AuthorizationResponse($isAuthorized,$message)
    {
        $this->m_isAuthorized = $isAuthorized;
        $this->m_message = $message;
    }
 
    public function toXML()
    {
        return '<?xml version="1.0" encoding="utf-8"?><AuthorizationResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><IsAuthorized>'. $this->m_isAuthorized .'</IsAuthorized><Message>'. $this->m_message .'</Message></AuthorizationResponse>';
 
    }
}
 
class AuthorizationRequest
{
    private $m_isAuthorized;
    private $m_message;    	
    public $ID;
    public $FirstName;
    public $SurName;
    public $Email;
    public $RegionName;
    public $RegionID;    	
 
    public function parseRequest($request)
    {
        $reader = new XMLReader();
        $reader->XML($request);
 
        while ($reader->read()) 
        {
            if ($reader->nodeType == XMLReader::ELEMENT) 
            {
                switch($reader->name)
                {
                    case 'AuthorizationRequest':
                    // $log->write("AuthorizationRequest element");
                    break;	
                    case 'ID':
                        $reader->read();
                        $this->ID = $reader->value;
                    break;
                    case 'FirstName':
                        $reader->read();
                        $this->FirstName = $reader->value;
                    break;
                    case 'SurName':
                        $reader->read();
                        $this->SurName = $reader->value;
                    break;
                    case 'Email':
                        $reader->read();
                        $this->Email = $reader->value;
                    break;
                    case 'RegionName':
                        $reader->read();
                        $this->RegionName = $reader->value;
                    break;
                    case 'RegionID':
                        $reader->read();
                        $this->RegionID = $reader->value;
                    break;
                }
            }
        }
    }
}
 
$request = @file_get_contents('php://input');
$authReq = new AuthorizationRequest();
$authReq->parseRequest($request);
$authResp = new AuthorizationResponse("true", "You are authorized");
echo $authResp->toXML();
?>
Personal tools
General
About This Wiki