Atlas Auth Portal 1.3.x Release Configuration

Print Friendly and PDF Follow

The Atlas Auth Portal version 1.3 was released on June 2nd, 2020. This release includes several changes in an effort to mitigate the risk of potential redirect vulnerabilities. For details regarding the changes, see Using an Authentication Portal Landing Page. To implement these changes, the release requires some modifications to the index.cshtml and web.config files. The release includes the following changes: 

  • The redirectUrl parameter has been replaced with the authType parameter. The default pages accept the authType values of AtlasAuth and RemoteAuth. 
  • The RedirectUrlCookieName setting has been removed and replaced with the AuthTypeCookieName which defaults to AtlasAuthType.

To implement these changes, please follow the instructions below: 

1. Update the Atlas Authentication Portal Bin Files 

  1. Download the Atlas Auth Portal files.
  2. Right-click and unzip download.
  3. Replace the current AtlasAuthPortal Bin files with the version 1.3 files in the Bin folder. Default location: C:\inetpub\wwwroot\aeon\AtlasAuthPortal\Bin.

2. Index.cshtml Changes

  1. Open file explorer and navigate to the web directory: C:\inetpub\wwwroot\aeon\AtlasAuthPortal\Views\Portal.
  2. Right-click and open the index.cshtml file in your preferred code editor (e.g., Notepad ++, Visual Studio Code).
  3. Edit the redirectUrl parameter value to match the authType value in the web.config file. 
    • Note: The name of the input parameter has been changed from "redirecturl" to "authType".

      WebConfig.png

3. Web.Config Changes

  1. Open file explorer and navigate to C:\inetpub\wwwroot\aeon\AtlasAuthPortal.
  2. Right-click and open the web.config file in your preferred code editor (e.g., Notepad ++, Visual Studio Code)
  3. Add the following key: 
    <add key="AuthTypeCookieName" value="AtlasAuthType"/>
  4. Edit the AuthTypeCookieName value with the AuthType used if the value if different from the default. The accepted values are AtlasAuth and RemoteAuth.

    AuthTypeKey.png
  5. Add the following key(s) depending on your authentication type:
    <add key="AtlasAuth" value="https://youruniversity.edu/aeon/aeon.dll?"/>
    <add key="RemoteAuth" value="https://youruniversity.edu/?"/>
  6. Edit the default placeholder(s) with your redirect target URL value(s).

    RedirectURLKey.png

Version 1.3.1 Update

When adding a key for an AuthType in the Web.Config file, two new specifiers ({$QueryString} and {$EncodedQueryString}) are now supported to help designate where the URL query parameters will be inserted into the target URL. 

  • {$QueryString} - inserts the query parameters as they are submitted.
  • {$EncodedQueryString} - URL-encodes the query parameters before inserting them.

To use these, add the specifiers to the target URL in Web.Config. For example:

<add key="RemoteAuth" value="https://shibdomain.com/Shibboleth.sso/Login?entityID=https%3A%2F%2Fsamltest.id%2Fsaml%2Fidp&amp;target=https%3A%2F%2Fdomain.edu%2Fremoteauth%2Faeon.dll%3F{$EncodedQueryString}" />

In the example, the target URL is a Shibboleth server which will redirect to the Aeon server (whose address is passed as the target parameter). The URL of the Aeon server is URL-encoded within the target parameter. The query parameters must also be URL-encoded in order for the Aeon server to receive them correctly.

Questions?

If this article didn’t resolve your issue, please take a moment and answer a few questions to help improve our documentation:

Feedback