[ https://jira.duraspace.org/browse/DS-187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Donohue closed DS-187.
--------------------------
Resolution: Fixed
Unless I'm mistaken, these changes were resolved by DS-309 and more recent
changes to the Shibboleth auth method.
Comparing the attached patch to what is in the current
'authentication-shibboleth.cfg', I believe the requested configs have been
added in recent releases of DSpace (between 1.6 and 3.0):
https://github.com/DSpace/DSpace/blob/master/dspace/config/modules/authentication-shibboleth.cfg
Therefore, I'm going to close this ticket and mark it as "fixed". We can always
open up new tickets if anything is still missing from the shib auth method.
> Allow anonymous user and scoped role header in Shibboleth auth method
> ---------------------------------------------------------------------
>
> Key: DS-187
> URL: https://jira.duraspace.org/browse/DS-187
> Project: DSpace
> Issue Type: Improvement
> Components: DSpace API
> Affects Versions: 1.5.2
> Reporter: Andrea Bollini
> Priority: Major
> Attachments: shib-dspace3613-new
>
>
> This issue has been created from the follow up of the DS-48 issue.
> Stuart Hicks, Systems Engineer at OhioLINK, has been working with a slightly
> older version of the patch than what was released today and found two things
> that we need in our environment:
> # Anonymous users - We can't guarantee that we'll get an eppn, email address,
> or much of anything else from the schools except the mandatory affiliation
> values. This is the issue that the attached patch addresses. Anonymous users
> are defaulted to a preset account dictated by the email-default value in
> dspace.cfg
> # Scoping - The authentication.shib.role handlers need to support scoping as
> we use eduPersonScopedAffiliation attributes rather than the unscoped variety.
> Here's the text from his patch (based on an earlier version) to allow
> anonymous, but Shibboleth authenticated users. Would it be possible to get
> this change incorporated into the main codebase?:
> diff -ur dspace-1_5-with-shib.orig/dspace/config/dspace.cfg
> dspace-1_5-with-shib/dspace/config/dspace.cfg
> --- dspace-1_5-with-shib.orig/dspace/config/dspace.cfg 2009-03-27
> 10:46:22.000000000 -0400
> +++ dspace-1_5-with-shib/dspace/config/dspace.cfg 2009-03-27
> 10:47:55.000000000 -0400
> @@ -324,6 +324,10 @@
> # this option below forces the software to acquire the email from Tomcat.
> #authentication.shib.email-use-tomcat-remote-user = true
>
> +# this is the default email used for Shib-authenticated sessions that
> +# do not include user-identifiable data (eppn, mail, etc.)
> +#authentication.shib.email-default = [email protected]
> +
> # should we allow new users to be registered automtically
> # if the IdP provides sufficient info (and user not exists in DRC)
> #authentication.shib.autoregister = true
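Review bot: The comment added for authentication.shib.email-default does not say that every Shibboleth session arriving without eppn or mail is logged in as this one shared account, nor what happens when that account does not exist and authentication.shib.autoregister (the next option in the file) is enabled. Please document both cases in the comment, and state that the default account should hold only the rights you are willing to grant to any affiliated but unidentified user.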
> diff -ur
> dspace-1_5-with-shib.orig/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
>
> dspace-1_5-with-shib/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
> ---
> dspace-1_5-with-shib.orig/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
> 2009-03-27 10:46:18.000000000 -0400
> +++
> dspace-1_5-with-shib/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
> 2009-03-27 11:09:21.000000000 -0400
> @@ -59,6 +59,7 @@
>
> boolean isUsingTomcatUser =
> ConfigurationManager.getBooleanProperty("authentication.shib.email-use-tomcat-remote-user");
> String emailHeader =
> ConfigurationManager.getProperty("authentication.shib.email-header");
> + String emailDefault =
> ConfigurationManager.getProperty("authentication.shib.email-default");
>
> String email = null;
>
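Review bot: emailDefault is used exactly as getProperty returns it, and the fallback added in the next hunk only tests it against null. If the property can come back empty or whitespace-only (key present, no value), email would be set to a blank string instead of reaching the "No email is given" branch. Suggest trimming the value here and treating a blank result as unset.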
> @@ -82,6 +83,11 @@
> EPerson p = context.getCurrentUser();
> if(p != null) email = p.getEmail();
> }
> +
> + //Check to see if they provided a default account
> + if(email == null && emailDefault != null){
> + email = emailDefault;
> + }
>
> if(email == null){
> log.error("No email is given, you're denied access by Shib,
> please release email address");
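Review bot: The fallback at "if(email == null && emailDefault != null)" switches the session to the shared default account without writing anything to the log. Once email-default is set, a misnamed email header or an attribute the IdP has stopped releasing looks the same as an intentionally anonymous user, and the log.error below can no longer be reached. Suggest a log.info or log.warn line inside the new block recording that the default account was used. The comment "they provided a default account" would also read more clearly as "a default account is configured".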
_______________________________________________
Dspace-devel mailing list