[
http://jira.dspace.org/jira/browse/DS-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=10176#action_10176
]
Mark Diggory commented on DS-48:
--------------------------------
Here is a quick patch that may work to enable successful authentication of an
anonymous shibboleth user when the email address is absent.
Index: dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java
===================================================================
--- dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java
(revision 3642)
+++ dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java
(working copy)
@@ -120,9 +120,17 @@
if (email == null)
{
- log
- .error("No email is given, you're denied access by Shib,
please release email address");
- return AuthenticationMethod.BAD_ARGS;
+
if(ConfigurationManager.getBooleanProperty("authentication.shib.anonymous-allowed"))
+ {
+ log.info(LogManager.getHeader(context,
"anonymous","shibboleth"));
+ return AuthenticationMethod.SUCCESS;
+ }
+ else
+ {
+ log.error("No email is given, you're denied access by Shib,
please release email address");
+ return AuthenticationMethod.BAD_ARGS;
+ }
+
}
email = email.toLowerCase();
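Review bot: In the email == null branch, the new path returns AuthenticationMethod.SUCCESS before any of the email-based handling that follows (email = email.toLowerCase(); onward), so the caller is told authentication succeeded while these lines attach no identity to the context. Please add a comment stating what SUCCESS means here (no user set, access only through mapped groups) and confirm the callers handle a success result without a user. The log.info call records only "anonymous" and "shibboleth"; including whatever Shibboleth session or IdP attribute is available would make these logins auditable. Style: the added if( lacks the space used in the surrounding if (email == null), and the empty + lines at the top and bottom of the block can be dropped.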
Index: dspace/config/dspace.cfg
===================================================================
--- dspace/config/dspace.cfg (revision 3642)
+++ dspace/config/dspace.cfg (working copy)
@@ -291,13 +291,15 @@
# for installation detail.
#
# DSpace requires email as user's credential. There are 2 ways of providing
-# email to DSpace:
+# email to DSpace and 1 alterative if it is absent:
# 1) by explicitly specifying to the user which attribute (header)
# carries the email address.
# 2) by turning on the user-email-using-tomcat=true which means
# the software will try to acquire the user's email from Tomcat
-# The first option takes PRECEDENCE when specified. Both options can
-# be enabled to allow fallback.
+# The first option takes PRECEDENCE when specified. Both options can
+# be enabled to allow fallback.
+# 3) by turning on the anonymous-allowed=true, if no email can be determined
+# the user will still be allowed in the system and special groups assigned
# this option below specifies that the email comes from the mentioned header.
# The value is CASE-Sensitive.
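Review bot: The new item 3) is placed after the "first option takes PRECEDENCE ... Both options can be enabled" sentence, so that sentence now sits in the middle of the numbered list and "Both options" no longer makes clear that it refers to 1) and 2) only. Suggest moving 3) directly under 2) and rewording the precedence sentence to name options 1 and 2. The intro line has a typo ("alterative" for "alternative"), and 3) should say which special groups are assigned and that the user is admitted without an email identity, since that is the security-relevant effect of the setting. The removed and re-added "The first option takes PRECEDENCE" lines look like a whitespace-only change and could be left out of the patch.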
@@ -314,6 +316,10 @@
# this option below forces the software to acquire the email from Tomcat.
authentication.shib.email-use-tomcat-remote-user = true
+# this option will allow requests without email header ot tomcat user to
+# pass into DSpace authenticated and acquire mapped groups
+authentication.shib.anonymous-allowed = false
+
# should we allow new users to be registered automtically
# if the IdP provides sufficient info (and user not exists in DSpace)
authentication.shib.autoregister = true
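Review bot: The comment above authentication.shib.anonymous-allowed describes requests with no email header or Tomcat user as passing into DSpace "authenticated", while the option itself is named anonymous; the wording should state plainly that enabling it lets any request lacking both values succeed and acquire the mapped groups, so an administrator can judge the exposure before turning it on. There is also a typo, "ot tomcat user" for "or tomcat user". Defaulting to false is the right choice and should stay.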
> shibboleth+dspace1.5.1 patch - ID: 2412723
> ------------------------------------------
>
> Key: DS-48
> URL: http://jira.dspace.org/jira/browse/DS-48
> Project: DSpace 1.x
> Issue Type: New Feature
> Affects Versions: 1.5.1
> Reporter: Charles Kiplagat
> Assignee: Mark Diggory
> Fix For: 1.5.2
>
> Attachments: shib-dspace3613, shib-dspace3613-new
>
>
> This is the shibboleth patch for dspace1.5.1