Index

Subject : Re: LUG: New Project: UnWRAP

From : Edward Anderson <nilbus@nilbus.[redacted]>

Date : Wed, 07 Sep 2011 20:20:58 -0400

Parent


That's a really cool idea. It could be potentially useful for the course registration system http://freshtracks.heroku.com in the future, if it's further developed.

Edward

On Wed, Sep 7, 2011 at 8:15 PM, Matthew Frazier < mlfrazie@ncsu.[redacted] > wrote:
Hey, everyone. I'm sure you're familiar with the WRAP system that is used as a single sign on system at NC State. A problem with WRAP is that it only works on ncsu.edu domains, so I created something to fix that…UnWRAP.

UnWRAP isn't quite single sign on, but it's close. On a site that uses UnWRAP, when the user clicks "Log In," they are bounced to the UnWRAP site (which is currently on people.engr.ncsu.edu - does Short have mod_auth_wrap installed?) with a bunch of query string parameters in their URL (all signed with a secret key using HMAC-SHA-1, of course). UnWRAP checks that they are properly logged in with WRAP, verifies that a legitimate site is requesting their identity, and sends them back to the return URL provided by the original site, with their Unity username and some verification info in the query string.

You can test out UnWRAP and see how it works at http://unwraptest.ep.io/ - I'll release the source to the demo, the Python library I wrote, and UnWRAP itself later once I get everything cleaned up. For now, just tell me what you think of the idea, feel free to ask questions, and let me know if it breaks.

Thanks,
Matthew Frazier
North Carolina State University