Title: Message Title
|
|
|
|
This PR is great, thanks!
I think there are still two thinks to be done before this ticket can be closed:
1.) It should be made configurable if DSpace will look for Shibboleth headers at all. The Option ShibUseHeades should be avoided for security reasons, so it would be good if DSpace wouldn't look for shibboleth headers at all. On the other side it might be helpful for debugging and the first setup of shibboleth.
2.) The documentation needs to be updated. To make shibboleth work without headers in conjunction with apache and tomcat, it is necessary to tell apache which environment variables should be passed to tomcat. This is done with the directive JkEnvVar. I'm not sure which environment variables need to be passed, at least all shibboleth attributes that will be named in [dspace]/config/module/authentication-shibboleth.cfg. Perhaps someone else knows if more environment variables are necessary (g.e. Shib-Session-ID, Shib-Session-Index, Shib-Identity-Provider, Shib-Authentication-Instant, ...).
|
|
|
|
|
|
|
ShibAuthentication has a method findHeader that checks the request header for an attribute (like mail address, first name, last name). Pulling attributes from the header is not recommended per Shibboleth documentation and is *not* the default:
ShibUseHeaders On|Off
Defaults to "Off", this turns on the use of request headers to publish attributes to...
|
|
|
|
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel
