Hi all,

DSpace 6.3, Tomcat 7, Amazon Linux 2

I have implemented Shibboleth authentication. It is working but now I need to 
auto-allocate users to role-based groups. I have followed the documentation on 
the duraspace wiki but I am not clear on how claim attributes are specified so 
that they can be used by the authentication-shibboleth.cfg configuration.

In /etc/shibboleth/attribute-map.xml I have added:

<Attribute name="http://schemas.xmlsoap.org/ws/2008/06/identity/claims/role" id="SHIB-SCOPED-AFFILIATION"/>

And then in authentication-shibboleth.cfg I have:

authentication-shibboleth.role-header = SHIB-SCOPED-AFFILIATION

# Whether to ignore the attribute's scope or value.
authentication-shibboleth.role-header.ignore-scope = true
authentication-shibboleth.role-header.ignore-value = false

# Default mappings of roles values to a comma separated list of DSpace group
# names (Case Sensitive).
authentication-shibboleth.role.staff = staffRole
authentication-shibboleth.role.student = studentRole

However, when I log in with my staff credentials via Shibboleth/SAML I get:

2019-10-17 21:27:01,761 INFO  org.dspace.authenticate.ShibAuthentication @ [email protected] has been authenticated via shibboleth.
2019-10-17 21:27:01,761 INFO  org.dspace.eperson.EPersonServiceImpl @ [email protected]:session_id=xxxxxxxxxxxxxxxxxxxx:ip_addr=xxxxxxxxxxx:update_eperson:eperson_id=xxxxxxxxxxxxxxxxxxx
2019-10-17 21:27:01,761 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil @ [email protected]:session_id=xxxxxxxxxxxxxxxxxxxx:ip_addr=xxxxxxxxxxxxxxxx:login:type=explicit
2019-10-17 21:27:01,779 INFO  org.dspace.authenticate.ShibAuthentication @ Added current EPerson to special groups: []

So you can see authentication is successful but adding to special groups is not 
working (“[]”). I have confirmed that the SAML response contains the data:

<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
    <AttributeValue>staff</AttributeValue>
</Attribute>

Where am I going wrong??

Thanks,
Gary


Gary Browne | Technical Manager, Developments
Online Services
University of Sydney Library
THE UNIVERSITY OF SYDNEY
Level 1, Fisher Library F03, The University of Sydney NSW 2006
T +61 2 9351 5946 | M +61 405 647 868
The University of Sydney Camperdown campus stands on land of the Gadigal 
peoples of the Eora nation.
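
Added example, not part of the original message: a Shibboleth SP only exports an attribute to the application when the name in the SAML assertion matches a `name` in attribute-map.xml, so this check compares the two fragments quoted above and lists any asserted attribute that has no mapping entry. The sample XML is constructed from those fragments; the function names are hypothetical, and the comparison is by exact name only (nameFormat is ignored, a simplification).

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the two fragments quoted in the post.
ATTRIBUTE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="http://schemas.xmlsoap.org/ws/2008/06/identity/claims/role"
             id="SHIB-SCOPED-AFFILIATION"/>
</Attributes>"""

SAML_STATEMENT = """<AttributeStatement xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
    <AttributeValue>staff</AttributeValue>
  </Attribute>
</AttributeStatement>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def mapped_names(attribute_map_xml):
    """Return {SAML attribute name: SP attribute id} from attribute-map.xml."""
    root = ET.fromstring(attribute_map_xml)
    return {el.get("name"): el.get("id") for el in root.iter()
            if local(el.tag) == "Attribute" and el.get("name")}

def asserted_attributes(saml_xml):
    """Return {attribute Name: [values]} from a SAML AttributeStatement."""
    out = {}
    for el in ET.fromstring(saml_xml).iter():
        if local(el.tag) == "Attribute" and el.get("Name"):
            out[el.get("Name")] = [(v.text or "").strip() for v in el
                                   if local(v.tag) == "AttributeValue"]
    return out

def check(attribute_map_xml, saml_xml):
    """Split asserted attributes into (exported, unmapped) by exact name match."""
    mapping = mapped_names(attribute_map_xml)
    exported, unmapped = {}, []
    for name, values in asserted_attributes(saml_xml).items():
        if name in mapping:
            exported[mapping[name]] = values   # keyed by the SP attribute id
        else:
            unmapped.append(name)              # never reaches the application
    return exported, unmapped

if __name__ == "__main__":
    exported, unmapped = check(ATTRIBUTE_MAP, SAML_STATEMENT)
    print("exported to the application:", exported)
    for name in unmapped:
        print("no attribute-map.xml entry for:", name)
```
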
