From 9df099dc114d0101ef1091c30662a537e53e9826 Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Thu, 31 Jul 2014 06:21:55 +0000 Subject: [PATCH] Bug 12027: Added shibboleth authentication to the staff client - This patch adds shibboleth authentication to the staff client. - Depending upon how your url structure works, you may or may not need a second native shibboleth service provider profile configured for this to work. Signed-off-by: Nick Clemens Signed-off-by: Julian Maurice Signed-off-by: Nick Clemens --- C4/Auth.pm | 8 +++---- C4/Auth_with_shibboleth.pm | 23 +++++++++++++++---- .../intranet-tmpl/prog/en/modules/auth.tt | 8 +++++++ 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 243aada413..27b822da6d 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -898,9 +898,7 @@ sub checkauth { } # If we are in a shibboleth session (shibboleth is enabled, a shibboleth match attribute is set and matches koha matchpoint) - if ( $shib and $shib_login and $shibSuccess and $type eq 'opac' ) { - - # (Note: $type eq 'opac' condition should be removed when shibboleth authentication for intranet will be implemented) + if ( $shib and $shib_login and $shibSuccess) { logout_shib($query); } } @@ -982,8 +980,8 @@ sub checkauth { my $shibSuccess = 0; my ( $return, $cardnumber ); - # If shib is enabled and we have a shib login, does the login match a valid koha user - if ( $shib && $shib_login && $type eq 'opac' ) { + # If shib is enabled and we have a shib login, does the login match a valid koha user + if ( $shib && $shib_login ) { my $retuserid; # Do not pass password here, else shib will not be checked in checkpw. diff --git a/C4/Auth_with_shibboleth.pm b/C4/Auth_with_shibboleth.pm index f855ae1bdf..5485527712 100644 --- a/C4/Auth_with_shibboleth.pm +++ b/C4/Auth_with_shibboleth.pm @@ -49,6 +49,7 @@ sub shib_ok { return 0; } + # Logout from Shibboleth sub logout_shib { my ($query) = @_; @@ -131,21 +132,33 @@ sub _autocreate { sub _get_uri { my $protocol = "https://"; + my $interface = C4::Context->interface; + $debug and warn "shibboleth interface: " . $interface; - my $uri = C4::Context->preference('OPACBaseURL') // ''; - if ($uri eq '') { - $debug and warn 'OPACBaseURL not set!'; + my $return; + my $uri; + if ( $interface eq 'intranet' ) { + + $uri = C4::Context->preference('staffClientBaseURL') // ''; + if ($uri eq '') { + $debug and warn 'staffClientBaseURL not set!'; + } + } else { + $uri = C4::Context->preference('OPACBaseURL') // ''; + if ($uri eq '') { + $debug and warn 'OPACBaseURL not set!'; + } } + if ($uri =~ /(.*):\/\/(.*)/) { my $oldprotocol = $1; if ($oldprotocol ne 'https') { $debug and warn - 'Shibboleth requires OPACBaseURL to use the https protocol!'; + 'Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!'; } $uri = $2; } - my $return = $protocol . $uri; return $return; } diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt index 33006b3e8c..66fd6bf23e 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt @@ -49,6 +49,14 @@
Error: Invalid username or password
[% END %] +[% IF (shibbolethAuthentication) %] + +[% IF (invalidShibLogin ) %] +
Error: Shibboleth login failed
+[% END %] +

If you have a shibboleth account, please click here to login.

+[% END %] +