As far as I know, the attributes may differ in different Shibboleth installations. I suggest you set the log level to DEBUG in config/log4j.properties. Then you can check from the DSpace logs what the real attributes are after you have logged in.
In our case the settings which need to be configured are authentication.shib.role-header and authentication.shib.role.[role_name]; role_name can be, for example, Staff and Students. You can check that role_name from the role-header attribute.

P.S. Remember to change that log level back to info, because it will collect a lot of logs at debug level.

Tapani

--
Tapani Lehtilä, Tampere University of Technology / Library
[email protected]
+358 40 849 0208
P.O.Box 537, 33101 Tampere Finland
Street address: Korkeakoulunkatu 10, 33720 Tampere, Finland

>-----Original Message-----
>From: Kevin P. Foote [mailto:[email protected]]
>Sent: Thursday, April 07, 2011 11:39 PM
>To: Sarah Ryder
>Cc: [email protected]
>Subject: Re: [Dspace-tech] auto add shib users to group
>
>I believe there is one more setting in there somewhere ..
>
>it relates to what you're consuming as the "role" attribute I believe..
>can't remember off the top of my head.
>
>In my case I'm using ePPA
>
>------
>thanks
> kevin.foote
>
>On Thu, 7 Apr 2011, Sarah Ryder wrote:
>
>->
>-> Hi folks
>->
>-> We're using Shibboleth authentication w/ DSpace 1.7.1 and we'd like to
>-> make it so that all of our users are added to a DSpace group when they
>-> login. Does anyone know if this is possible and how?
>->
>-> I assumed that the following lines in dspace.cfg (see below) would allow
>-> for this, so I set:
>-> authentication.shib.default-roles = member
>-> authentication.shib.role.member = hampusers
>->
>-> I already created the group called hampusers, but no users are added to
>-> the group when they login. I picked the word member to use for the role,
>-> but I picked that out of thin air just assuming that it could be any word.
>->
>-> I also don't see anything regarding roles in the dspace log when users
>-> authenticate.
>->
>-> Any insight or help would be much appreciated. Thanks!
>->
>-> # when user is fully authN on IdP but would not like to release
>-> # his/her roles to DSpace (for privacy reason?), what should be
>-> # the default roles be given to such users?
>-> # The values are separated by semi-colon or comma
>-> # authentication.shib.default-roles = Staff, Walk-ins
>-> authentication.shib.default-roles = member
>->
>-> # The following mappings specify role mapping between IdP and Dspace.
>-> # the left side of the entry is IdP's role (prefixed with
>-> # "authentication.shib.role.") which will be mapped to
>-> # the right entry from DSpace. DSpace's group as indicated on the
>-> # right entry has to EXIST in DSpace, otherwise user will be identified
>-> # as 'anonymous'. Multiple values on the right entry should be separated
>-> # by comma. The values are CASE-Sensitive. Heuristic one-to-one mapping
>-> # will be done when the IdP groups entry are not listed below (i.e.
>-> # if "X" group in IdP is not specified here, then it will be mapped
>-> # to "X" group in DSpace if it exists, otherwise it will be mapped
>-> # to simply 'anonymous')
>-> #
>-> # Given sufficient demand, future release could support regex for the mapping
>-> # special characters need to be escaped by \
>-> #authentication.shib.role.Senior\ Researcher = Researcher, Staff
>-> #authentication.shib.role.Librarian = Administrator
>-> authentication.shib.role.member = hampusers
>->
>->
>-> -Sarah Ryder
>-> Web Development
>-> Hampshire College
>-> 413.559.5477
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
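
The role-mapping rules described in the dspace.cfg comments quoted above, modelled as an added Python example (not DSpace's code and not written by anyone in this thread). The header name X-Example-Role, the sample group set, and the assumption that the role header uses the same separators as the config values are constructed for illustration.

```python
import re

PREFIX = "authentication.shib.role."

def parse_props(text):
    """Read key = value lines, skipping comments; '\\ ' in a key is an escaped space."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip().replace("\\ ", " ")] = value.strip()
    return props

def split_values(value):
    """Split on semicolon or comma, as the config comments describe."""
    return [v.strip() for v in re.split(r"[;,]", value or "") if v.strip()]

def resolve_groups(props, headers, existing_groups):
    """Return (groups granted, mapped-to names with no matching DSpace group)."""
    header = props.get("authentication.shib.role-header", "")
    roles = split_values(headers.get(header))
    if not roles:  # IdP released no role: fall back to default-roles
        roles = split_values(props.get("authentication.shib.default-roles"))
    granted, missing = [], []
    for role in roles:
        # Explicit mapping first, otherwise the one-to-one guess (role name == group name)
        for group in split_values(props.get(PREFIX + role)) or [role]:
            # Case-sensitive membership test; a missing group grants nothing
            (granted if group in existing_groups else missing).append(group)
    return granted, missing

# Constructed sample: the two settings from the thread plus a made-up header name.
SAMPLE_CFG = """
authentication.shib.role-header = X-Example-Role
authentication.shib.default-roles = member
authentication.shib.role.member = hampusers
"""
GROUPS = {"hampusers", "Administrator"}

if __name__ == "__main__":
    props = parse_props(SAMPLE_CFG)
    for hdrs in ({}, {"X-Example-Role": "Staff;Students"}, {"X-Example-Role": "member"}):
        print(hdrs, "->", resolve_groups(props, hdrs, GROUPS))
```

Feeding it the attribute values seen in the DEBUG log shows which released roles end up granting a group and which map to nothing.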

