For anyone with something similar to the following setup:
1. Webserver hosting multiple applications on different domains
2. Shibboleth serving an existing application in addition to Dspace
Our specific use case:
1. Koha hosted on webserver from domain1
2. Dspace hosted on webserver from domain2
3. both applications served by shibboleth
We were struggling to get the Shibboleth attributes passed to Dspace, with
something like the following showing up in the dspace.log:
ERROR unknown unknown org.dspace.authenticate.ShibAuthentication @ Unable
to register new eperson because we are unable to find an email address
along with first and last name for the user.
NetId Header: 'uid'='null' (Optional)
Email Header: 'email'='null'
First Name Header: 'firstname'='null'
Last Name Header: 'lastname'='null'
This was in spite of having all the correct associations made in
dspace/config/modules/authentication-shibboleth.cfg. Furthermore, my
existing app, Koha, had session data at /Shibboleth.sso/Session.
It took us a while to find the correct configuration, but it is a
relatively easy fix:
1. Add an application override to your shibboleth.xml configuration
2. Reference the application ID in your apache configuration
*Shibboleth Configuration*
Just above your "ApplicationDefaults" section, add a requestMapper:
<RequestMapper type="Native">
<RequestMap>
<Host name="YOUR_DSPACE_API_HOSTNAME">
<Path name="/" applicationId="dspace" authType="shibboleth"
requireSession="false"/>
</Host>
</RequestMap>
</RequestMapper>
Just above your </ApplicationDefaults> tag (the closing tag) add the
override:
<ApplicationOverride id="dspace"
entityID="https://YOUR_DSPACE_API_HOSTNAME/Shibboleth.sso/Metadata";>
<Sessions lifetime="28800" timeout="7200" checkAddress="false"
handlerURL="https://YOUR_DSPACE_API_HOSTNAME/Shibboleth.sso"; />
</ApplicationOverride>
Save and restart your shibd service, making sure there are no errors.
*Apache Configuration*
In addition to the required apache2 configurations stipulated in the
documentation, you will need to include the following in your <Location />
block:
ShibRequestSetting applicationId dspace
Note that the applicationId corresponds to the name you set in your
Shibboleth RequestMap and ApplicationOverride.
I hope this helps someone.
--
All messages to this mailing list should adhere to the Code of Conduct:
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/dspace-tech/1d7b8921-8e9c-4c42-ab16-fbf1bcc7140an%40googlegroups.com.
