[
http://jira.dspace.org/jira/browse/DS-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=10170#action_10170
]
Keith Gilbertson commented on DS-48:
------------------------------------
Stuart Hicks, Systems Engineer at OhioLINK, has been working with a slightly
older version of the patch than what was released today and found two things
that we need in our environment:
# Anonymous users - We can't guarantee that we'll get an eppn, email address,
or much of anything else from the schools except the mandatory affiliation
values. This is the issue that the attached patch addresses. Anonymous users
are defaulted to a preset account dictated by the email-default value in
dspace.cfg
# Scoping - The authentication.shib.role handlers need to support scoping as we
use eduPersonScopedAffiliation attributes rather than the unscoped variety.
Here's the text from his patch (based on an earlier version) to allow
anonymous, but Shibboleth authenticated users. Would it be possible to get
this change incorporated into the main codebase?:
diff -ur dspace-1_5-with-shib.orig/dspace/config/dspace.cfg
dspace-1_5-with-shib/dspace/config/dspace.cfg
--- dspace-1_5-with-shib.orig/dspace/config/dspace.cfg 2009-03-27
10:46:22.000000000 -0400
+++ dspace-1_5-with-shib/dspace/config/dspace.cfg 2009-03-27
10:47:55.000000000 -0400
@@ -324,6 +324,10 @@
# this option below forces the software to acquire the email from Tomcat.
#authentication.shib.email-use-tomcat-remote-user = true
+# this is the default email used for Shib-authenticated sessions that
+# do not include user-identifiable data (eppn, mail, etc.)
+#authentication.shib.email-default = [email protected]
+
# should we allow new users to be registered automtically
# if the IdP provides sufficient info (and user not exists in DRC)
#authentication.shib.autoregister = true
diff -ur
dspace-1_5-with-shib.orig/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
dspace-1_5-with-shib/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
---
dspace-1_5-with-shib.orig/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
2009-03-27 10:46:18.000000000 -0400
+++
dspace-1_5-with-shib/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
2009-03-27 11:09:21.000000000 -0400
@@ -59,6 +59,7 @@
boolean isUsingTomcatUser =
ConfigurationManager.getBooleanProperty("authentication.shib.email-use-tomcat-remote-user");
String emailHeader =
ConfigurationManager.getProperty("authentication.shib.email-header");
+ String emailDefault =
ConfigurationManager.getProperty("authentication.shib.email-default");
String email = null;
@@ -82,6 +83,11 @@
EPerson p = context.getCurrentUser();
if(p != null) email = p.getEmail();
}
+
+ //Check to see if they provided a default account
+ if(email == null && emailDefault != null){
+ email = emailDefault;
+ }
if(email == null){
log.error("No email is given, you're denied access by Shib, please
release email address");
> shibboleth+dspace1.5.1 patch - ID: 2412723
> ------------------------------------------
>
> Key: DS-48
> URL: http://jira.dspace.org/jira/browse/DS-48
> Project: DSpace 1.x
> Issue Type: New Feature
> Affects Versions: 1.5.1
> Reporter: Charles Kiplagat
> Assignee: Mark Diggory
> Fix For: 1.5.2
>
> Attachments: shib-dspace3613, shib-dspace3613-new
>
>
> This is the shibboleth patch for dspace1.5.1
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.dspace.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
