You can use Pope Tech to perform an automated accessibility check on published Google Sites pages that require UMN Shibboleth authentication in order to view them. For Drupal sites, see Pope Tech: Scan Drupal Intranet Content. For other types of websites or applications, see Pope Tech: Scan Websites or Applications Behind Authentication.
Note: Only data classified as public per the University data security classification policy may be scanned with Pope Tech.
Add a Functional account to your website
- If you already have access to a UMN functional account that has a Google account, you can use that account and can skip to step 3.
- Request a functional account to use for Pope Tech testing with your website(s).
- On the request form, select the following:
- Which OIM environment should the account be created in?
- PRODUCTION (Account will be created in OIM PROD environment)
- What access should be provisioned for this Functional Account?
- Ldap (Lightweight Directory Access Protocol)
- Which OIM environment should the account be created in?
- Once your account is created, use an incognito/private browsing window to sign in to a Google product (i.e. gmail.com) with this account.
- When prompted, accept the Terms and Conditions to activate the Google account
- On the request form, select the following:
- Confirm that the functional account can view your website
- If your published website is restricted to specific people, share your website with the functional account you will use for testing.
- If your published website is viewable to anyone in your UMN Campus Google domain, you do not need to explicitly share your site with the account you will use for testing (as long as your testing account belongs to the same campus).
Setup authentication for your site within Pope Tech
Note: Add your website to Pope Tech first if you have not done so, and then return to complete the steps below.
Edit Website Settings
- In your Website Settings, make sure the Base URL field is set to the url that will prefix each path on your website - i.e. https://sites.google.com/umn.edu/mysite or https://mysite.umn.edu for a website with a vanity URL. Pope Tech may have automatically updated this field after you saved it to something beginning with https://accounts.google.com/ - this will not work.
- Check the Ignore redirect? checkbox underneath the Base URL to prevent Pope Tech from updating the URL
- Expand the Authentication Options accordion in the right-hand column.
- Check the checkbox for Use Website Authentication?
- Leave the Authentication Type dropdown set to Cookie
- In the Login URL field, enter the same URL listed in the Base URL field
- Check the checkbox for Use Advanced Authentication? New fields to set up step 1 under a new Advanced Steps heading will appear.
Configure Advanced Authentication Step 1
- Leave the dropdown field for Step Action set to Type into input
- Enter #identifierId in the Element Selector (example: #myId) field
- In the Input text field, enter the full email address for the functional account you will use for your testing - i.e. [email protected]
- Do not check the checkbox for Is field a password?
Add and Configure Step 2
- Click the Add Step button. New fields for step 2 will appear.
- Select Click in the Step Action dropdown
- Enter #identifierNext in the Element Selector (example: #myId) field
Add and Configure Step 3
- Click the Add Step button. New fields for step 3 will appear.
- Leave the dropdown field for Step Action set to Type into input
- In the Element Selector (example: #myId) field, enter #username
- Do not check the checkbox for Is field a password?
- In the Input text field, enter the internet ID of the functional account that you will be using for testing your website with Pope Tech. Do not include @umn.edu
Add and Configure Step 4
- Click the Add Step button. New fields for step 4 will appear.
- Leave the dropdown field for Step Action set to Type into input
- In the Element Selector (example: #myId) field, enter #password
- Check the checkbox for Is field a password?
- In the password field, enter the UMN account password for the functional account corresponding to the username entered above. The password will appear as dots representing each character and there is no confirmation field, so ensure that you enter the password correctly.
Add and Configure Step 5
- Click the Add Step button. New fields for step 5 will appear.
- Select Click in the Step Action dropdown
- Enter .idp3_form-submit in the Element Selector (example: #myId) field
Add and Configure Step 6
- Click the Add Step button. New fields for step 6 will appear.
- Select Wait for time in the Step Action dropdown
- Enter 3 in the Wait time field
Complete Setup
- In the Success Identifier Selector (example: #myId) field, enter #yDmH0d
- You will need to check the checkbox acknowledging that you "understand that scanning behind a login isn't intended to be used to scan any sensitive, private, or confidential data that shouldn't be stored on Pope Tech servers" and that you "understand, have read, and agree to the Pope Tech terms of use" before you can proceed.
- Click the ✔Save button. The Edit Website Settings window closes automatically.
Test Authentication
- Click Edit Website Settings to re-open the settings window.
- Expand the Authentication Options accordion in the right-hand column.
- Scroll to the bottom and click the button to Test Authentication to ensure that you have entered everything correctly.
Add your intranet pages
Pope Tech can scan pages behind authentication, but it cannot find those pages by crawling your site. You will either need to manually add the paths that require authentication through the Pope Tech user interface, or you can upload a CSV file containing those paths. See the vendor's Add Pages article for instructions.
Scan your website
Once you have tested your pages, you can proceed to scan your website. Note that you should uncheck the Crawl option before clicking the Start button for intranet websites. If you leave the box checked, it will fail the crawl and then proceed to run the scan.