Just for the record for others who have similar difficulties, Rui/Sergio had to put this into dspace config:
webui.session.invalidate = false Otherwise jspui in tomcat will keep creating new sessions. Bruc 2010/7/28 Sérgio Afonso <[email protected]>: > Hello all, > > I am having some trouble when using DSpace 1.6.2 and Shibboleth in what > regards to the association to groups based on DSPACE_ROLES header > (getSpecialGroup). > > Can someone give me an hint on where should I look to surpass this problem? > > Versions of Software: > DSpace 1.6.2 > Apache 2.2.3 > Tomcat 6.0.14 > Shibboleth SP 2.3.1 > > > My configuration is the following: > > DSpace > > plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ > org.dspace.authenticate.ShibAuthentication, \ > org.dspace.authenticate.PasswordAuthentication > ... > > authentication.shib.email-header = MAIL > authentication.shib.firstname-header = GIVEN_NAME > authentication.shib.lastname-header = SURNAME > > authentication.shib.email-use-tomcat-remote-user = false > authentication.shib.autoregister = true > > authentication.shib.role-header = DSPACE_ROLES > authentication.shib.role-header.ignore-scope = true > > authentication.shib.default-roles = Anonymous > authentication.shib.role.Administrator = Administrator > authentication.shib.role.GroupX = GroupX > > Apache Virtual Host configuration > > SetEnvIf Request_URI "/Shibboleth.sso" no-jk > SetEnvIf Request_URI "/Shibboleth.sso/*" no-jk > > <LocationMatch /Shibboleth.sso/*> > ShibRequestSetting applicationId repo-x > </LocationMatch> > > <Location /shibboleth-login> > AuthType shibboleth > ShibRequireSession On > ShibRequestSetting applicationId repo-x > ShibRequestSetting redirectToSSL 443 > ShibUseHeaders On > ShibExportAssertion On > require valid-user > </Location> > > > Below I post some logs from dspace.log in what refers to ShibbolethServlet > and ShibAuthentication: > > 2010-07-28 09:26:07,022 INFO org.dspace.app.webui.servlet.ShibbolethServlet > @ header:SURNAME=Afonso > 2010-07-28 09:26:07,022 INFO org.dspace.app.webui.servlet.ShibbolethServlet > @ header:GIVEN_NAME=Sergio > 2010-07-28 09:26:07,022 INFO org.dspace.app.webui.servlet.ShibbolethServlet > @ header:[email protected] > 2010-07-28 09:26:07,022 INFO org.dspace.app.webui.servlet.ShibbolethServlet > @ header:DSPACE_ROLES=Administrator;GroupX > 2010-07-28 09:26:07,022 INFO org.dspace.app.webui.servlet.ShibbolethServlet > @ header:Shib-Application-ID=repo-x > 2010-07-28 09:26:07,022 INFO org.dspace.app.webui.servlet.ShibbolethServlet > @ header:REMOTE_USER > > 2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication @ > header:SURNAME=Afonso > 2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication @ > header:GIVEN_NAME=Sergio > 2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication @ > header:[email protected] > 2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication @ > header:DSPACE_ROLES=Administrator;GroupX > 2010-07-28 09:26:07,022 DEBUG org.dspace.authenticate.ShibAuthentication @ > header:Shib-Application-ID=repo-x > 2010-07-28 09:26:07,023 DEBUG org.dspace.authenticate.ShibAuthentication @ > header:REMOTE_USER= > > And i have configured in DSpace the group: > > ID:8 Name:GroupX > > In a previous version from DSpace (1.5.2 IIRC) I was able to see in the > dspace.log the getSpecialGroup being filled, but with this configuration I > can't seem to find it on the log files. > > Best regards, > Sérgio Afonso > > ------------------------------------------------------------------------------ > The Palm PDK Hot Apps Program offers developers who use the > Plug-In Development Kit to bring their C/C++ apps to Palm for a share > of $1 Million in cash or HP Products. Visit us here for more details: > http://ad.doubleclick.net/clk;226879339;13503038;l? > http://clk.atdmt.com/CRS/go/247765532/direct/01/ > _______________________________________________ > DSpace-tech mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
