Samuel Ottenhoff created DS-1503:
------------------------------------
Summary: ShibAuthentication depends on use of non-recommended
Apache UseHeaders setting
Key: DS-1503
URL: https://jira.duraspace.org/browse/DS-1503
Project: DSpace
Issue Type: Bug
Components: DSpace API
Affects Versions: 3.1
Reporter: Samuel Ottenhoff
ShibAuthentication has a method findHeader that checks the request header for
an attribute (like mail address, first name, last name). Pulling attributes
from the header is not recommended per Shibboleth documentation and is *not*
the default:
ShibUseHeaders On|Off
Defaults to "Off", this turns on the use of request headers to publish
attributes to applications. Use of this option should be avoided. Be sure to
review the topic on spoof checking if you enable it.
(https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig)
By default, the attribute values are only available via getAttribute()
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
