[
https://jira.duraspace.org/browse/DS-1503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=27774#comment-27774
]
Samuel Ottenhoff commented on DS-1503:
--------------------------------------
Pull request: https://github.com/DSpace/DSpace/pull/196
> ShibAuthentication depends on use of non-recommended Apache UseHeaders setting
> ------------------------------------------------------------------------------
>
> Key: DS-1503
> URL: https://jira.duraspace.org/browse/DS-1503
> Project: DSpace
> Issue Type: Bug
> Components: DSpace API
> Affects Versions: 3.1
> Reporter: Samuel Ottenhoff
> Labels: shibboleth
>
> ShibAuthentication has a method findHeader that checks the request header for
> an attribute (like mail address, first name, last name). Pulling attributes
> from the header is not recommended per Shibboleth documentation and is *not*
> the default:
> ShibUseHeaders On|Off
> Defaults to "Off", this turns on the use of request headers to publish
> attributes to applications. Use of this option should be avoided. Be sure to
> review the topic on spoof checking if you enable it.
> (https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig)
> By default, the attribute values are only available via getAttribute()
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
