https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30988
David Cook <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Failed QA

--- Comment #26 from David Cook <[email protected]> ---
My test plan:
0. Set up koha-testing-docker with a jboss/keycloak container as per https://hub.docker.com/r/jboss/keycloak/
0b. Create "test" realm with discovery doc: http://<my_ip>:8082/auth/realms/test/.well-known/openid-configuration
0c. Create confidential OIDC client "koha" in "test" realm
0d. Create "test" user with email "[email protected]", first name "test1", last name "test2", password "test"
0e. Fix "OPACBaseURL" so that it resolves to localhost instead of a non-existent domain name
1. Apply patch
2. koha-plack --restart kohadev
3. koha-upgrade-schema kohadev
4. Set "OIDC" syspref to "Yes"
5. Set "OIDCAutoRegister" to "Allow"
6. Set "OIDCConfigURL" to "http://<my_ip>:8082/auth/realms/test/.well-known/openid-configuration"
7. Set "OIDCDefaultBranch" to "CPL"
8. Set "OIDCDefaultCategory" to "Patron"
9. Set "OIDCOAuth2ClientID" to my Keycloak client id
10. Set "OIDCOAuth2ClientSecret" to my Keycloak client secret
11. Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
12. Click "Log in to your account"
13. Fill out your username and password in Keycloak
14. Success! Returned to a logged in OPAC with new auto-registered borrower

--

Remaining issues:

1)
- installer/data/mysql/atomicupdate/bug_30988-add_oidc_syspref.pl
- installer/data/mysql/mandatory/sysprefs.sql
- koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
"URL to identity provider's OpenID config" should be "URL to identity provider's OpenID Connect config"

("OIDCOAuth2ClientID" and "OIDCOAuth2ClientSecret" shouldn't include "OAuth2" as it's redundant but not really an issue I suppose.)
2)
- koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
4 instances of "OpenID" instead of "OpenID Connect"

3)
- koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc
- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-main.tt
- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt
I think the following text is totally unnecessary (and somewhat inaccurate since the protocol is OpenID Connect but the account isn't):
"If you do not have an OpenID account from the provider specified in this library, but do have a local account, you can still log in:"

Personally, I envision a login area like the following: https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=97684. Without that text, we'd have something like that.
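Added example, not part of the comment above or of the Koha patch: a check an administrator could run on the discovery document behind "OIDCConfigURL" before saving the syspref. The function name, the 192.0.2.10 address standing in for <my_ip>, and the sample document are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 marks REQUIRED (token_endpoint is
# required unless only the implicit flow is used).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(config_url, doc, allow_http=False):
    """Return a list of problems with a discovery document (empty list = OK)."""
    if not config_url.endswith(WELL_KNOWN):
        return ["config URL does not end in " + WELL_KNOWN]
    problems = ["missing required field: " + k for k in REQUIRED if k not in doc]
    # Discovery 1.0 section 4.3: the issuer in the document must be identical
    # to the URL prefix it was fetched from, otherwise reject the document.
    expected = config_url[:-len(WELL_KNOWN)]
    if doc.get("issuer") != expected:
        problems.append("issuer mismatch: expected %s, got %s"
                        % (expected, doc.get("issuer")))
    # Plain http exposes the client secret and tokens on the wire; tolerate it
    # only for a local lab such as the test plan above.
    if not allow_http:
        for key in URL_FIELDS:
            value = doc.get(key)
            if isinstance(value, str) and urlsplit(value).scheme != "https":
                problems.append("%s is not https: %s" % (key, value))
    return problems


# Constructed sample: 192.0.2.10 stands in for <my_ip>; the endpoint paths
# follow Keycloak's realm layout.
BASE = "http://192.0.2.10:8082/auth/realms/test"
CONFIG_URL = BASE + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    for label, allow in (("lab (http allowed)", True), ("production", False)):
        print(label, check_discovery(CONFIG_URL, SAMPLE_DOC, allow_http=allow))
```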
