[Dspace-tech] Shibboleth - user groups

Tue, 19 Oct 2010 07:16:03 -0700 

   Hi all,

I have set up Shibboleth authentication in DSpace and assingning groups 
according to the "affiliation" (authentication.shib.role-header) does not 
work.

I have found that getSpecialGroups() from 
/org/dspace/authenticate/ShibAuthentication.java gets no shibboleth 
headers. I guess that the trouble lies in Apache config. At first I have 
tried mod_proxy, then mod_jk and the result is still the same. To get 
getSpecialGroups() works properly (to sent shib headers) I have to change 
Apache config slightly to use lazy session for the root (where I have my 
DSpace installation):

<Location /shibboleth-login>
        AuthType shibboleth
        ShibRequireSession On
        Require valid-user
        ShibUseHeaders On
</Location>

<Location />
        AuthType shibboleth
        ShibRequireSession Off
        ShibUseHeaders on
        Require shibboleth
</Location>


So this is lazy session configuration. Using this, groups assigning works. 
But I can't logout - means trying to reach /mydspace cause I'm logged in 
via Shibboleth without asking what kind of authetication I want. If I was 
logged in before, my last session is used, if I wasn't there is 
something I name "empty user". It seems, DSpace tests "shibboleth" header 
and then assumes somebody is logged in.

Removing lazy session config (for the root /) causes Shibboleth works fine 
except for assigning groups.

Has anyone experienced the same troubles? Can you share your Apache 
config?

I have version 1.6.2, also last SP (2.3.1 I think). I have also set up
webui.session.invalidate = false.

Thanks.

Vlastik

----------------------------------------------------------------------------
Vlastimil Krejčíř
Library and Information Centre, Institute of Computer Science
Masaryk University in Brno, Czech Republic
Email: krejcir (at) ics (dot) muni (dot) cz
Phone: +420 549 49 3872
ICQ: 163963217
Jabber: [email protected]
----------------------------------------------------------------------------

------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech

Reply via email to