Make Coral work with Shibboleth #246

Open
wants to merge 2 commits into
base: development

fondrenlibrary
Contributor

Add back missing Logout buttons when not using Coral Auth module.
Introduce new configuration parameter - idpLogout in configuration_sample.ini of each module to hold Shibboleth IDP Logout URL.
Add htaccess template file by the name of htaccess_sample4shib into the top directory of each module.

@jeffnm
Member

jeffnm commented Jun 21, 2017

I wonder if it would be better to make the Auth module handle Shibboleth integration, like it does with LDAP now, rather than going back to .htaccess files.

Also, I'm concerned about adding a logout button setting to the configuration. It seems to me that we should not have to add a flag like that to every configuration file. I don't have another suggestion at the moment though.

I appreciate you working on getting Shibboleth support! It's definitely needed!

@fondrenlibrary
Contributor Author

In order to completely log out of Shibboleth Session, the associated IDP session must be ended using the IDP logout URL which can be hard coded or stored in the configuration file. Shibboleth is different from LDAP and according to my current knowledge and our test, using htaccess is the easiest way to go.

@jeffnm
Member

jeffnm commented Jun 21, 2017

I'm sure the .htaccess method will be the easiest to create. It was for LDAP too, but eventually we added support into the Auth module. I'd really like the Auth module to be viable for as many Auth use cases as possible, but I do understand getting something working with an .htaccess method for advanced users in the meantime.

Thanks for putting this together!

@fondrenlibrary
Contributor Author

fondrenlibrary commented Jun 21, 2017

Actually, my 2nd thought suggests using htaccess may not be necessary, but the idp Logout URL has to be used, according to my current knowledge which is not sufficient, otherwise any user can come back without being authenticated because of the existing IDP session on Campus IDP server.
Our test instance using Shibboleth is at https://coral-awslive.library.rice.edu/Coral-201

@fondrenlibrary
Contributor Author

fondrenlibrary commented Jun 21, 2017

How about using htaccess which is adapted for Shibboleth only in the Auth folder?

@jeffnm
Member

jeffnm commented Jun 21, 2017

I don't know enough about Shibboleth to be very helpful, sorry. I expect I'll be learning about it later this year, so hopefully I learn something from what you come up with.

@fondrenlibrary
Contributor Author

In order to use .htaccess only with the Auth module, index file, configuration.ini and maybe some other ones need to be modified to handle server parameter REMOTE_USER which is set by Apache after a user is authenticated via Shibboleth.
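
The REMOTE_USER handling and the SP-then-IdP logout redirect discussed in the comments above, as an added example that is not code from this pull request or from CORAL. It assumes the `idpLogout` value sits in a `[settings]` section (hypothetical section name), that the Shibboleth SP uses its default `/Shibboleth.sso` handler path, and the function names are illustrative.

```php
<?php
// Added example, not CORAL code. Assumed: a [settings] section holding
// idpLogout (section name hypothetical) and the SP's default /Shibboleth.sso path.

/** Login name Apache set after Shibboleth authentication, or null if absent. */
function shibUser(array $server): ?string
{
    // Trust only REMOTE_USER (REDIRECT_ prefix appears after internal rewrites).
    // Never fall back to HTTP_* keys: those are copied from client request headers.
    foreach (['REMOTE_USER', 'REDIRECT_REMOTE_USER'] as $key) {
        if (isset($server[$key]) && is_string($server[$key]) && $server[$key] !== '') {
            return $server[$key];
        }
    }
    return null;
}

/** Build the redirect: SP logout handler first, which then returns to the IdP logout URL. */
function logoutTarget(string $idpLogout): string
{
    $parts = parse_url($idpLogout);
    // Refuse anything that is not an absolute https URL, even from configuration.
    if (!is_array($parts) || ($parts['scheme'] ?? '') !== 'https' || empty($parts['host'])) {
        throw new InvalidArgumentException('idpLogout must be an absolute https URL');
    }
    return '/Shibboleth.sso/Logout?return=' . rawurlencode($idpLogout);
}

/** Clear the application's own PHP session, then redirect through SP and IdP logout. */
function logout(array $config): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    $_SESSION = [];
    session_destroy();
    header('Location: ' . logoutTarget($config['settings']['idpLogout']), true, 302);
    exit;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample values, not taken from the thread.
    $server = ['HTTP_REMOTE_USER' => 'spoofed', 'REMOTE_USER' => 'jdoe@example.edu'];
    var_dump(shibUser($server));
    var_dump(shibUser(['HTTP_REMOTE_USER' => 'spoofed']));
    echo logoutTarget('https://idp.example.edu/idp/profile/Logout'), PHP_EOL;
}
```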

@PaulPoulain PaulPoulain added the enhancement This is an enhancement (not a bug) label Dec 12, 2017
@jeffnm
Member

jeffnm commented Apr 29, 2019

We still need to add support for this, but I'm still not in a position to test it.

Labels
enhancement This is an enhancement (not a bug) help wanted