Bug 12027: Added shibboleth authentication to the staff client
- This patch adds Shibboleth authentication to the staff client. - Depending on how your URL structure works, you may or may not need a second native Shibboleth service provider profile configured for this to work. Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
parent
0862f77769
commit
9df099dc11
3 changed files with 29 additions and 10 deletions
|
@ -898,9 +898,7 @@ sub checkauth {
|
|||
}
|
||||
|
||||
# If we are in a shibboleth session (shibboleth is enabled, a shibboleth match attribute is set and matches koha matchpoint)
|
||||
if ( $shib and $shib_login and $shibSuccess and $type eq 'opac' ) {
|
||||
|
||||
# (Note: $type eq 'opac' condition should be removed when shibboleth authentication for intranet will be implemented)
|
||||
if ( $shib and $shib_login and $shibSuccess) {
|
||||
logout_shib($query);
|
||||
}
|
||||
}
|
||||
|
@ -982,8 +980,8 @@ sub checkauth {
|
|||
my $shibSuccess = 0;
|
||||
my ( $return, $cardnumber );
|
||||
|
||||
# If shib is enabled and we have a shib login, does the login match a valid koha user
|
||||
if ( $shib && $shib_login && $type eq 'opac' ) {
|
||||
# If shib is enabled and we have a shib login, does the login match a valid koha user
|
||||
if ( $shib && $shib_login ) {
|
||||
my $retuserid;
|
||||
|
||||
# Do not pass password here, else shib will not be checked in checkpw.
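Review bot: With `$type eq 'opac'` dropped from `if ( $shib && $shib_login )`, a Shibboleth-matched account now enters the staff-client login path as well, and nothing in this hunk shows that the staff permission check still runs for it afterwards. checkauth starts and ends outside both hunks, so that check may well sit further down; please confirm it and record it at the branch, e.g. `# Shibboleth only establishes identity; staff access is still decided by the permission check below`. The logout guard in the first hunk has the same widening, since `logout_shib($query)` is now reached for both interfaces. A test that a Shibboleth-matched patron without staff permissions is refused by the staff client would pin this down.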
|
||||
|
|
|
@ -49,6 +49,7 @@ sub shib_ok {
|
|||
return 0;
|
||||
}
|
||||
|
||||
|
||||
# Logout from Shibboleth
|
||||
sub logout_shib {
|
||||
my ($query) = @_;
|
||||
|
@ -131,21 +132,33 @@ sub _autocreate {
|
|||
sub _get_uri {
|
||||
|
||||
my $protocol = "https://";
|
||||
my $interface = C4::Context->interface;
|
||||
$debug and warn "shibboleth interface: " . $interface;
|
||||
|
||||
my $uri = C4::Context->preference('OPACBaseURL') // '';
|
||||
if ($uri eq '') {
|
||||
$debug and warn 'OPACBaseURL not set!';
|
||||
my $return;
|
||||
my $uri;
|
||||
if ( $interface eq 'intranet' ) {
|
||||
|
||||
$uri = C4::Context->preference('staffClientBaseURL') // '';
|
||||
if ($uri eq '') {
|
||||
$debug and warn 'staffClientBaseURL not set!';
|
||||
}
|
||||
} else {
|
||||
$uri = C4::Context->preference('OPACBaseURL') // '';
|
||||
if ($uri eq '') {
|
||||
$debug and warn 'OPACBaseURL not set!';
|
||||
}
|
||||
}
|
||||
|
||||
if ($uri =~ /(.*):\/\/(.*)/) {
|
||||
my $oldprotocol = $1;
|
||||
if ($oldprotocol ne 'https') {
|
||||
$debug
|
||||
and warn
|
||||
'Shibboleth requires OPACBaseURL to use the https protocol!';
|
||||
'Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!';
|
||||
}
|
||||
$uri = $2;
|
||||
}
|
||||
|
||||
my $return = $protocol . $uri;
|
||||
return $return;
|
||||
}
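Review bot: `_get_uri` now declares `my $return;` near the top and again as `my $return = $protocol . $uri;` at the end, so the second declaration masks the first in the same scope and Perl warns about it; drop the early declaration and finish with `return $protocol . $uri;`. Separately, an unset `staffClientBaseURL`/`OPACBaseURL` and a non-https base are reported only when `$debug` is set, and the function still returns a URL afterwards (just `https://` in the empty case). This value presumably feeds the Shibboleth login and logout target, so a misconfiguration should be visible in the logs without debug mode, e.g. `warn 'staffClientBaseURL not set!' if $uri eq '';`.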
|
||||
|
|
|
@ -49,6 +49,14 @@
|
|||
<div id="login_error"><strong>Error: </strong>Invalid username or password</div>
|
||||
[% END %]
|
||||
|
||||
[% IF (shibbolethAuthentication) %]
|
||||
<!-- This is what is displayed if shib login has failed -->
|
||||
[% IF (invalidShibLogin ) %]
|
||||
<div id="login_error"><Strong>Error: </strong>Shibboleth login failed</div>
|
||||
[% END %]
|
||||
<p>If you have a shibboleth account, please <a href="[% shibbolethLoginUrl %]">click here</a> to login.</p>
|
||||
[% END %]
|
||||
|
||||
<!-- login prompt time-->
|
||||
<form action="[% script_name | html %]" method="post" name="loginform" id="loginform">
|
||||
<input type="hidden" name="koha_login_context" value="intranet" />
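Review bot: `[% shibbolethLoginUrl %]` is written into the `href` without a filter, while the form a few lines below uses `[% script_name | html %]`; it should read `<a href="[% shibbolethLoginUrl | html %]">`. How the URL is built is not visible on this page, so whether it can carry request-derived text is an assumption, but escaping at output keeps the attribute safe either way. The new error `div` also reuses `id="login_error"` from the block above and opens with `<Strong>` while closing with `</strong>`; lowercase `<strong>` would match the existing markup.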
|
||||
|
|