Hello all,
I am having some trouble when using DSpace 1.6.2 and Shibboleth in what
regards to the association to groups based on DSPACE_ROLES header
(getSpecialGroup).
Can someone give me an hint on where should I look to surpass this problem?
Versions of Software:
*DSpace 1.6.2
Apache 2.2.3
Tomcat 6.0.14
Shibboleth SP 2.3.1
*
My configuration is the following:
*DSpace*
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.ShibAuthentication, \
org.dspace.authenticate.PasswordAuthentication
...
authentication.shib.email-header = MAIL
authentication.shib.firstname-header = GIVEN_NAME
authentication.shib.lastname-header = SURNAME
authentication.shib.email-use-tomcat-remote-user = false
authentication.shib.autoregister = true
authentication.shib.role-header = DSPACE_ROLES
authentication.shib.role-header.ignore-scope = true
authentication.shib.default-roles = Anonymous
authentication.shib.role.Administrator = Administrator
authentication.shib.role.GroupX = GroupX
*Apache Virtual Host configuration*
SetEnvIf Request_URI "/Shibboleth.sso" no-jk
SetEnvIf Request_URI "/Shibboleth.sso/*" no-jk
<LocationMatch /Shibboleth.sso/*>
ShibRequestSetting applicationId repo-x
</LocationMatch>
<Location /shibboleth-login>
AuthType shibboleth
ShibRequireSession On
ShibRequestSetting applicationId repo-x
ShibRequestSetting redirectToSSL 443
ShibUseHeaders On
ShibExportAssertion On
require valid-user
</Location>
Below I post some logs from dspace.log in what refers to
ShibbolethServlet and ShibAuthentication:
2010-07-28 09:26:07,022 INFO
org.dspace.app.webui.servlet.ShibbolethServlet @ header:SURNAME=Afonso
2010-07-28 09:26:07,022 INFO
org.dspace.app.webui.servlet.ShibbolethServlet @ header:GIVEN_NAME=Sergio
2010-07-28 09:26:07,022 INFO
org.dspace.app.webui.servlet.ShibbolethServlet @
header:[email protected]
2010-07-28 09:26:07,022 INFO
org.dspace.app.webui.servlet.ShibbolethServlet @
header:DSPACE_ROLES=Administrator;GroupX
2010-07-28 09:26:07,022 INFO
org.dspace.app.webui.servlet.ShibbolethServlet @
header:Shib-Application-ID=repo-x
2010-07-28 09:26:07,022 INFO
org.dspace.app.webui.servlet.ShibbolethServlet @ header:REMOTE_USER
2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication
@ header:SURNAME=Afonso
2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication
@ header:GIVEN_NAME=Sergio
2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication
@ header:[email protected]
2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication
@ header:DSPACE_ROLES=Administrator;GroupX
2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication
@ header:Shib-Application-ID=repo-x
2010-07-28 09:26:07,023 DEBUG org.dspace.authenticate.ShibAuthentication
@ header:REMOTE_USER=
And i have configured in DSpace the group:
ID:8 Name:GroupX
In a previous version from DSpace (1.5.2 IIRC) I was able to see in the
dspace.log the getSpecialGroup being filled, but with this configuration
I can't seem to find it on the log files.
Best regards,
Sérgio Afonso
------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
