Optionally read affiliation from a Shibbolet attribution instead of DiscoFeed

[pkiraly]

In our Shibboleth implementation the DiscoFeed contains only one service name, and the user's affiliation is stored in an attribution of the XML file sent by Shibboleth service. This makes several problems:

1. the service name is not an organisation name
2. the user can not change the bad affiliation string
3. the bad affiliation string occurs in every dataverse and dataset creation form as a default value

This situation is frustrating for bot our users and us.

Here is a suggestion for a Dataverse code change to solve this issue. It would have multiple components (all of these are pseudo code):

1. adding an optional configuration setting: affiliationSource for the source of affiliation with two options:

• DiscoFeed (default value, and runs the current code without any modification)
• a Shibboleth attribute name

2. configure Shibbolet to send the attribute we set in step 1

3. within ShibServiceBean.getAffiliation() method add a switch like this:

AffiliationSource affiliationSource = ... // read configuration
switch (affiliationSource.getType()) {
  case AffiliationSource.Shibbolet:
    String shibbolethAttribute = affiliationSource.getShibbolethAttribute();
    String affiliation = readAffiliationFromAttribute(shibbolethAttribute);
    break;
  case AffiliationSource.DiscoFeed:
  default:
    String affiliation = ... // run current code
    break;
}

AffiliationSource has a type, which is an enum of ShibbolethAttribute and DiscoFeed, and a shibboletAttribute (String) field, which contains which attribute should be used.

note: this comment is summary of a thread at the dataverse-community mailing list: https://groups.google.com/forum/#!topic/dataverse-community/7FwrzfIQZfY.

[pdurbin]

the user can not change the bad affiliation string

I'm especially interested in fixing this. OAuth, Builtin, and OIDC users can set their affiliation to whatever they want whenever they want. Should we empower Shibboleth users to edit their affiliation as well?

[pkiraly]

@pdurbin I agree, changing affiliation would be useful. We should take care that once the affiliation is manually changed Dataverse should not owverwrite it.

On the other hand: changing affiliation is a related, but different issue, it needs change in different code than that of the extraction of the affiliation from Shibboleth attributes, so it deserves its own issue.

[pkiraly]

I have created a new ticket for the manual change: #6515