Bug 12027: Added shibboleth authentication to the staff client

- This patch adds shibboleth authentication to the staff client. - Depending upon how your url structure works, you may or may not need a second native shibboleth service provider profile configured for this to work. Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2014-07-31 06:21:55 +00:00 · 2014-07-31 06:21:55 +00:00 · 9df099dc11
commit 9df099dc11
parent 0862f77769
3 changed files with 29 additions and 10 deletions
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@ -898,9 +898,7 @@ sub checkauth {
            }

            # If we are in a shibboleth session (shibboleth is enabled, a shibboleth match attribute is set and matches koha matchpoint)
-            if ( $shib and $shib_login and $shibSuccess and $type eq 'opac' ) {
-
-                # (Note: $type eq 'opac' condition should be removed when shibboleth authentication for intranet will be implemented)
+            if ( $shib and $shib_login and $shibSuccess) {
                logout_shib($query);
            }
        }
@ -982,8 +980,8 @@ sub checkauth {
            my $shibSuccess = 0;
            my ( $return, $cardnumber );

-            # If shib is enabled and we have a shib login, does the login match a valid koha user
-            if ( $shib && $shib_login && $type eq 'opac' ) {
+	    # If shib is enabled and we have a shib login, does the login match a valid koha user
+            if ( $shib && $shib_login ) {
                my $retuserid;

                # Do not pass password here, else shib will not be checked in checkpw.
--- a/C4/Auth_with_shibboleth.pm
+++ b/C4/Auth_with_shibboleth.pm
@ -49,6 +49,7 @@ sub shib_ok {
    return 0;
 }

+
 # Logout from Shibboleth
 sub logout_shib {
    my ($query) = @_;
@ -131,21 +132,33 @@ sub _autocreate {
 sub _get_uri {

    my $protocol = "https://";
+    my $interface = C4::Context->interface;
+    $debug and warn "shibboleth interface: " . $interface;

-    my $uri = C4::Context->preference('OPACBaseURL') // '';
-    if ($uri eq '') {
-        $debug and warn 'OPACBaseURL not set!';
+    my $return;
+    my $uri;
+    if ( $interface eq 'intranet' ) {
+
+        $uri = C4::Context->preference('staffClientBaseURL') // '';
+        if ($uri eq '') {
+            $debug and warn 'staffClientBaseURL not set!';
+        }
+    } else {
+        $uri = C4::Context->preference('OPACBaseURL') // '';
+        if ($uri eq '') {
+            $debug and warn 'OPACBaseURL not set!';
+        }
    }
+
    if ($uri =~ /(.*):\/\/(.*)/) {
        my $oldprotocol = $1;
        if ($oldprotocol ne 'https') {
            $debug
                and warn
-                  'Shibboleth requires OPACBaseURL to use the https protocol!';
+                  'Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!';
        }
        $uri = $2;
    }
-
    my $return = $protocol . $uri;
    return $return;
 }
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
@ -49,6 +49,14 @@
 <div id="login_error"><strong>Error: </strong>Invalid username or password</div>
 [% END %]

+[% IF (shibbolethAuthentication) %]
+<!-- This is what is displayed if shib login has failed -->
+[% IF (invalidShibLogin ) %]
+<div id="login_error"><Strong>Error: </strong>Shibboleth login failed</div>
+[% END %]
+<p>If you have a shibboleth account, please <a href="[% shibbolethLoginUrl %]">click here</a> to login.</p>
+[% END %]
+
 <!-- login prompt time-->
 <form action="[% script_name | html %]" method="post" name="loginform" id="loginform">
    <input type="hidden" name="koha_login_context" value="intranet" />