Marmot Manual

Chapter 2. Authentication Services

Table of Contents

Using authentication services
Switching users at login

Most web applications require authentication of some kind. Since this is such a common task, it is a core service in Marmot.

Marmot includes support for LDAP authentication. It is also integrated with Miami University's enterprise Single Sign On (SSO) and authentication system called Web Authentication Services (WAS).

Using authentication services

Any Marmot application can take advantage of authentication services with the addition of one function call. The Application.php file is usually the most sensible place to put it. Be aware that adding this function to your Application.php will enforce authentication for any Marmot page managed by that Application.php file.

    mu_check_authenticated_user( array(
        'application_name' => $cfg_appname,
        'add_nav_func'     => 'add_nav',
        'session_name'     => $cfg_sessionname
    ) );

This function checks that the current user is authenticated to this application. If not, the user is prompted to log in.

Note that the only parameter to the function mu_check_authenticated_user() is an array. The array contains key/value pairs that are the configuration options for how the function behaves. You must pass an array as the only parameter. The configuration options are:

Table 2.1. mu_check_authenticated_user options

application_name: The name of the application. Used by the template when creating the login form.
session_name: The name of the application. Used by the template when creating the login form.
add_nav_func: Optional. The name of a function to call to add your application's navigation elements to a presentation object.
was_enabled: Optional. Determines if a valid WAS session will be honored for login and if a generated login page will be submitted to WAS.

There is one additional, rather dangerous parameter to the mu_check_authenticated_user() function. You may provide a parameter 'allow_switch' with a value of true to turn on user switching at login. Turning on user switching adds an additional field to the login form, allowing you to specify another uniqueid. Upon successful authentication, the alternate uniqueid will be used to populate the session variables. The ability to switch to another user is an excellent way to test what your application looks like when another user logs in. It must be used carefully, as there is no opportunity to otherwise authorize the person. It must be removed before the application is moved to production.
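One way to enforce that removal is a pre-deployment check over the application tree. This is an added example, not part of Marmot; the function names list_allow_switch and check_allow_switch and the path in the usage comment are assumptions, and only the 'allow_switch' key comes from this manual.

```shell
#!/bin/sh
# Added example, not Marmot code. Function names are hypothetical.

# list_allow_switch DIR
#   Prints "path:line:source" for every line of a *.php file under DIR that
#   names the 'allow_switch' key, in either quote style. The key is matched
#   rather than "=> true", so a value on the following line, a variable
#   value, or an $opts['allow_switch'] = ... assignment is still reported.
#   Lines that are wholly a //, #, * or /* comment are dropped. A trailing
#   comment after code is still reported (the check fails closed).
list_allow_switch() {
    # /dev/null is passed as an extra file so grep always prints the path.
    find "$1" -type f -name '*.php' \
        -exec grep -nE "[\"']allow_switch[\"']" /dev/null {} + |
        grep -vE '^[^:]*:[0-9]+:[[:space:]]*(//|#|\*|/\*)'
}

# check_allow_switch DIR
#   Returns 0 when the tree is clean, 1 when any hit is found (hits are
#   written to stderr), 2 when DIR is not a directory.
check_allow_switch() {
    if [ ! -d "$1" ]; then
        echo "not a directory: $1" >&2
        return 2
    fi
    # The final grep exits non-zero on "no hits"; that is not an error here.
    hits=$(list_allow_switch "$1" || true)
    if [ -z "$hits" ]; then
        return 0
    fi
    echo "allow_switch is still present; remove it before production:" >&2
    echo "$hits" >&2
    return 1
}

# Usage in a deploy script (placeholder path):
#   check_allow_switch /path/to/application || exit 1
```

The check reports any use of the key, not only a literal true, because the manual requires the parameter to be removed rather than disabled.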

After the authentication is complete, the following entries will be populated into your application's $_SESSION superglobal:

Table 2.2. Authentication-related $_SESSION entries

$_SESSION['authenticated']: The authentication status. Contains the PHP boolean values true or false accordingly.
$_SESSION['authenticated_uid']: The username/Unique ID/UID of the currently authenticated user.
$_SESSION['authenticated_dn']: The LDAP Distinguished Name of the currently authenticated user.