https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004
--- Comment #39 from David Cook <[email protected]> ---

I'm going to add another wrinkle into all of this!

Since Koha isn't yet capable of being an OpenID Connect/SAML2 IDP itself, we're using the Keycloak IDAM system instead (which Red Hat very actively develops and supports).

The cool part is that I've written an extension using the User Storage SPI (https://www.keycloak.org/docs/latest/server_development/#_user-storage-spi) to use the Koha database as the User Federation provider.

Right now, I'm using the existing REST API to GET patrons, but I need a REST API endpoint to validate the credentials entered by the user. I'll be creating a custom endpoint for that this afternoon.

*Note that this isn't creating a Koha authentication session. It's just validating that the password entered by the user into Keycloak is the same password stored in the Koha database.*

So Keycloak will provide the SSO for Koha and other systems, but the real backend user database (and potentially business rules) will still happen in Koha.

I thought about doing the REST API endpoint as a Koha plugin, but I'm going to just code it into our local Koha, so that it's easier to maintain and distribute. Once we've battle-tested everything, I could look at sharing.
