Commit graph

34 commits

Author SHA1 Message Date
ecb0ff8bbe Bug 28367: (follow-up) Fix plack condition in C4/Auth_with_shibboleth.pm
There were 2 occurrences!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-18 11:26:27 +02:00
21d8298c77 Bug 28367: Fix plack condition in C4/Auth_with_shibboleth.pm
C4/Auth_with_shibboleth.pm has:
  if ( any { /(^psgi\.|^plack\.)/i } keys %ENV )
When others have:
  if ( any { /(^psgi\.|^plack\.)/i } keys %ENV )

This has been highlighted by https://gitlab.com/koha-community/koha-testing-docker/-/issues/249 that introduces a PLACK_WORKERS env vars, and t/Auth_with_shibboleth.t was failing with

 #   Failed test 'checkpw_shib tests'
 #   at t/Auth_with_shibboleth.t line 335.
 Invalid parameter passed, categorycode= does not exist# Looks like your test exited with 255 just after 5.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-18 10:43:05 +02:00
b022b37db7
Bug 24199: (bug 23042 follow-up) Prevent t/Auth_with_shibboleth.t to fail randomly
CGI->url_param does not always return the parameters in the same order.

Test plan:
0/ Recreate the random failure, does not apply the patch and run
t/Auth_with_shibboleth.t several times.
You will notice that it fails inconsistenly
1/ Apply the patch and confirm that it now passes 100% of the time

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-12-10 10:43:20 +00:00
8a766c2208
Bug 23042: Correct shib param escaping
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-11-27 11:30:20 +00:00
4e02adb5df
Bug 23042: Only include GET params in return URL for Shibboleth
The shibboleth return target included POST parameters in the URL string,
this meant that a failed local login POST would include the username and
password used in the attemtped login in plaintext in the redirect URL
that is appended to the shibboleth login URL.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-11-27 11:30:20 +00:00
d4589500d1
Bug 24065: Fail shib login if multiple users matched
Ideally you could test against active shib, but is a small code change and
covered by tests and should be readable

To test:
prove -v t/Auth_with_shibboleth.t

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-11-21 11:33:11 +00:00
16aa7d1c8a
Bug 23526: Don't use encoded question mark in shib_login_url
To test:
1 - Enable shib
2 - Do a search
3 - Try to login from search
4 - Get an error
5 - Apply patch
6 - Retry

Note: You do have to fully configure shibboleth, you can simply enable it in koha-conf.xml and check the URLs.
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-09-23 10:43:09 +01:00
Matthias Meusburger
9dc5a53daa Bug 18507: Shibboleth auto-provisioning - Sync
This patch allows to update borrowers informations with Shibboleth attributes
upon login.

Test plan:
1. In $KOHA_CONF, check that //shibboleth/sync is set to 1
2. Find an existing user and change one of the values mapped with a Shibboleth attribute
3. Log in using Shibboleth
4. Check that the value has been updated with the Shibboleth attribute.

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Comments posted on Bugzilla.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-08 20:43:32 +00:00
Matthias Meusburger
b3d0bef136 Bug 19625: Enable Shibboleth auto-provisioning for Plack
Test plan:
1. In $KOHA_CONF, check that //shibboleth/autocreate is set to 1
2. Find a user in Shibboleth that is not in Koha (or remove it from
   Koha)
3. Login with that user
4. Verify that the userid is not set correctly in Koha database
5. Apply the patch (restart starman)
6. Repeat steps 2 and 3
7. Verify that the userid is set correctly and the other
mapped fields if there are some

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:02:50 +00:00
4febf0656c Bug 17776: (QA follow-up) Remove shibboleth package variables
This is about $shib and $shib_login.
We move in the right direction by calling get_login_shib in
get_template_and_user and checkauth. In the same line we can do the
shib_ok check at that time (just checking cached values). This paves
the way for the third subroutine using the two package vars: checkpw.
Note that checkpw is also called outside Auth.pm. So I would be more
comfortable if we do the same calls like in checkauth and remove both
variables from the package level (especially under Plack of course).

The former changes actually justify a 'use C4::Auth_with_shibboleth'
instead of the current require and import.

Note: When calling checkpw from checkauth, we are calling get_login_shib
twice now. But the time involved for doing so is around zero (cache), so
not really an argument for extra parameters and complexer code.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:02:50 +00:00
7ce770ddc5 Bug 17776: (QA follow-up) Consistent regex for Plack detection
Synchronizing:
C4/Auth_with_shibboleth.pm:    if ( any { /(^psgi|^plack)/i } keys %ENV ) {
Koha/AuthUtils.pm:    if ( ( any { /(^psgi\.|^plack\.)/i } keys %ENV ) && $ENV{SCRIPT_NAME} =~ m,^/(intranet|opac)(.*), ) {
about.pl:if ( any { /(^psgi\.|^plack\.)/i } keys %ENV ) {

Actually we should move it to a subroutine. New report please.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:02:49 +00:00
897711bd47 Bug 17776: (follow-up) Add note about NativeSPSpoofChecking
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended the text a bit:
Hopefully, an uppercase important attracts slightly more attention :)
Added the bug number too.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:02:49 +00:00
ea74ed5766 Bug 17776: Enable Shibboleth for Plack
https://bugs.koha-community.org/show_bug.cgi?id=17776

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 15:02:48 +00:00
Julian Maurice
cee35f3a78 Bug 12027: (QA follow-up) Fix spelling and tab characters
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:31 +00:00
142230bdde Bug 12027: (QA follow-up) Update tests
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:31 +00:00
0aa69ea795 Bug 12027: (follow-up) Added missing documentation
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:30 +00:00
9df099dc11 Bug 12027: Added shibboleth authentication to the staff client
- This patch adds shibboleth authentication to the staff client.
- Depending upon how your url structure works, you may or may not need a
  second native shibboleth service provider profile configured for this
  to work.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:30 +00:00
dc6b6e030c Bug 20287: Remove AddMember_Auto
I am not sure I understood the point of this subroutine.
Did I miss something here?

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:49 +00:00
f8144691cc Bug 12026: [QA Follow-up] Fix a POD line
Still refers to a removed parameter of _autocreate.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:28:18 +00:00
da51c00496 Bug 12026: [Rebase Follow-up] - Fix Test
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:28:17 +00:00
22f1f3a26a Bug 12026: [QA Follow-up] POD typo and tiny change in AddMember_Opac
[1] Correct xml error in POD
Copy-pasting this example from Auth_with_shibboleth.pm into koha-conf.xml
did not work. We need a closing tag ;)
[2] If AddMember_Opac calls AddMember_Auto, there is no need to call
fixup_cardnumber. Adding trivial test for AddMember_Auto in Members.t.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:28:17 +00:00
Mirko Tietgen
2f4e57b20f Bug 12026: Fix small errors
When running tests I got two errors. Do these changes make sense?

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:28:17 +00:00
2ccdbcd0f5 Bug 12026: [Followup] Rebasing
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:28:17 +00:00
d0e40439cd Bug 12026: [Follow up] Added Documentation
Updated to work with match point selection

- The base bug that this patch enhances has added the ability to choose
  your match point in the configuration file. This patch adds code to
  take that change into account.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:28:16 +00:00
Jesse Weaver
9b92ce4cd1 Bug 12026: Adds auto-provisioning to shibboleth
- Adds the option to map shibboleth attributes to koha user columns
  and allows mapping to auto create non-existant users

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 14:28:16 +00:00
Jesse Weaver
d475dae773 Bug 16818: External auth redirect broken under Plack
Test plan:

0) Have either CAS or Shibboleth authentication enabled under Plack.
1) Hover over the authentication link on the staff client or OPAC, and
   notice that it has either '.../opac/...' or '.../intranet/...' instead
   of '.../cgi-bin/koha/...'. (This will be a complete dealbreaker for CAS
   authentication.)
2) Apply patch.
3) Check links again; they should now have the correct paths.

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Did not test CAS or Shibboleth, but no regression found.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-04 19:42:44 +00:00
017699c345 Bug 16011: $VERSION - Remove the $VERSION init
Mainly a
  perl -p -i -e 's/^.*3.07.00.049.*\n//' **/*.pm
Then some adjustements

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:28 +00:00
3830d78d46 Bug 16011: $VERSION - remove use vars $VERSION
perl -p -i -e 's/^(use vars .*)\$VERSION\s?(.*)/$1$2/' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:26 +00:00
Mark Tompsett
1651cf70d1 Bug 5010: Fix OPACBaseURL to include protocol
First, it is strongly recommended to set the OPACBaseURL. But
this patch allows the inclusion of the protocol and not just
a site.

Next, C4/Auth now puts OPACBaseURL into the template parameters
regardless of OPAC or Staff clients.  t/db_dependent/Auth.t was
tweaked to add a check for confirming that get_template_and_user
adds OPACBaseURL to both OPAC and Staff templates.

In the staff client, once the OPACBaseURL is set, you get a nice
OPAC View link when viewing a biblio's detail. It should reflect
the protocol used now.

Hard coded 'http://' strings were removed from the
sample_notices.sql files. This is what required also updating
the letters table in the updatedatabase.pl script.

The explanation text in the sysprefs.sql needed updating too to
reflect the inclusion of the protocol. And this was the other
update done in the updatedatabase.pl script. The opac.pref file
was similarly changed as well.

catalogue/detail.pl had no need to pass a custom OpacUrl value,
since C4/Auth passes the required OPACBaseURL, so it and the
corresponding template were modified.

Both the MARC21 and NORMARC intranet details files had 'http://'
hard coded in them. This was removed.

Both the bootstrap and prog theme opac-detail template had a
protocol parameter that was used. The logic for the parameter
was not removed, because it is used extensively in one template.
Perhaps it should be used to simplify the other. However, the
calculated current_url parameter had references to the protocol
removed, because of the changes to OPACBaseURL.

opac/opac-shareshelf.pl had a hard coded 'http://' which was
removed.

t/db_dependent/Auth_with_cas.t had 'http://' added to the value
set for OPACBaseURL.

In virtualshelves/sendshelf.pl explicit code which sent the
OPACBaseURL preference was removed, since C4/Auth sends it all
the time now.

C4::Context::set_preference was tweaked to ensure that
OPACBaseURL would always start with http.
t/db_dependent/Context.t was tweaked to specifically test this.

The Shibboleth authentication needs OPACBaseURL set, and that
it be https protocol. The _get_uri routine was tweaked to always
pass back https:// as the protocol on the OPACBaseURL.
t/Auth_with_shibboleth.t was tweaked to specifically test the
changes.

TEST PLAN
---------
This is not an easy patch to test. Difficulties include:
- configuring Koha to run under https
    (tweaking apache2 isn't so hard, just tricky)
- configuring Koha to run OPAC and Staff with Plak
    (since code with comments about plak were sliced out)
- configuring Koha to use CAS
    (may be requires for the CAS test)

 1) Apply patch
 2) Make sure OPACBaseURL is set without the protocol included.

UPDATEDATABASE
 3) back up your DB
 4) ./installer/data/mysql/updatedatabase.pl
    -- It should run without errors.
 5) Look up the OPACBaseURL system preference in the staff
    client
    -- It should have http:// prepended.
 6) Run the mysqlclient from your koha git directory
      USE koha_library;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- There should be no prepended http:// on the
       <<OPACBaseURL>>.
 7) restore your DB
 8) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

AUTH
 9) Call up staff client.
10) Call up OPAC.
    -- C4/Auth.pm doesn't barf.
11) Call up Plack staff client
12) Call up Plack OPAC.
    -- C4/Auth.pm doesn't barf.
13) prove -v t/db_dependent/Auth.t

CONTEXT
14) Home -> Koha administration -> Global System Preferences
         -> OPAC
15) Modify and save OPACBaseURL to not have http:// or https://
    on it.
    -- It should be modified to include http://
16) Modify and save another system preference.
    -- It should save normally
17) prove -v t/db_dependent/Context.t

CATALOGUE/DETAIL (tt & pl)
18) Confirm the OPACBaseURL is set
19) Navigate to any biblio details in the staff client
    -- There should be a "OPAC view" link which has the
       correct http:// or https:// in it.

SQL (sample notices and sysprefs)
20) Run the mysqlclient from your koha git directory
      USE koha_library;
      DELETE FROM letter;
      source installer/data/mysql/de-DE/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/en/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/nb-NO/1-Obligatorisk/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/es-ES/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/it-IT/necessari/notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/pl-PL/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/ru-RU/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/uk-UA/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- Each of the selects should should lines that have
       <<OPACBaseURL>> starting them, but no hard-coded http://
      DELETE FROM systempreferences;
      source installer/data/mysql/sysprefs.sql;
      SELECT * FROM systempreferences WHERE variable='OPACBaseURL';
    -- The explanation should reflect the new explanation.
      QUIT
21) restore your DB
22) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

SLIM2INTRANETDETAIL
23) Set 'XSLTDetailsDisplay' system preference to default.
24) Set 'marcflavour' system preference to MARC21.
25) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://
26) Set 'marcflavour' system preference to NORMARC.
27) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://

OPAC-DETAIL
28) Set 'opacthemes' to bootstrap.
29) Set 'SocialNetworks' to enabled.
30) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.
31) Set 'opacthemes' to prog.
32) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.

AUTH_WITH_CAS
33) prove -v t/db_dependent/Auth_with_cas.t

OPAC-SHARESHELF
34) Set 'OpacAllowSharingPrivateLists' to allow.
35) In OPAC, 'Save to Lists' a search result.
36) Save it to a new private list.
37) Click the Lists button, and select the new list.
38) Click the Share button.

AUTH_WITH_SHIBBOLETH
39) prove -v t/Auth_with_shibboleth.t
    -- needs to be tests on Debian, because I can't get
       the Test::DBIx::Class installed in Ubuntu. :(

Rebased again on kohadevbox...

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-04 10:00:04 -03:00
fb90f71f71 BUG8446, QA Followup: Use DBIx::Class
- Convert Auth_with_shibboleth to use dbic stanzas.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:28:01 -03:00
31878e1973 BUG8446, QA Followup: Minor Code Tidies
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:27:59 -03:00
89ee1aeab7 BUG8446, QA Followup: Cleanup tabs and license
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:27:57 -03:00
ca86375872 BUG8446, Follow up: Refactor to clean up bad practice
- A number of issues were highlighted whilst writing sensible unit tests
  for this module.
  - Removed unnessesary call to context->new();
  - Global variables are BAD!
  - Croaking is a wimps way out, we should handle errors early and
    properly.

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:27:53 -03:00
3c9004357d BUG8446, Follow up: Improve local login fallback
- Local fallback was not very well implemented, this patch adds
  better handling for such cases allowing clearer failure messages
- This patch also adds the ability to use single sign on via the
  top bar menu in the bootstrap theme.

BUG8446, Follow up: Adds perldoc documentation

- Add some documentation to the Auth_with_Shibboleth module
  including some guidance as to configuration.

BUG8446, Follow up: Correct filenames to match guidlines

- Moved Auth_with_Shibboleth.pm to Auth_with_shibboleth.pm to match
  other files present on the system.

BUG8446, Follow up: Correct paths after file rename

BUG8446, Follow up: Implemented single sign out

- This follow up rebases the code against 3.16+ which managed to break
  some of the original logic.
- As a side effect of the rebasing, we've also implemented the single
  sign out element. Upon logout, koha will request that the shibboleth
  session is destroyed, and then clear the local koha session upon
  return to koha.  Due to the nature of shibboleth however, you will
  only truly be signed out of the IdP if they properly support Single
  Sign Out (which many do not). As a consequence, although you may
  appear to be logged out in koha, you might find that upon clicking
  'login' the IdP does NOT request your login details again, but instead
  logs you silently back into your koha session. This is NOT a koha bug,
  but a shibboleth implementation issue that is well known.

BUG8446, Follow up: Fixed bootstrap login via modal

- The bootstrap theme enable login from any opac page via modal. To
  enable this with shibboleth we had to make some template parameters
  globally accessible when shibboleth is enabled.

BUG8446, Follow up: Add template rules for Shibboleth and CAS

- Add template rules so that CAS and Shibboleth can coexist.

BUG8446, Follow up: Added default config to config file

BUG8446, Follow up: Embellished perldoc documentation

- Updated perldoc to correct detail about configuring shibboleth
  authentication.
- Updated perldoc to include subroutines and their respective functions.

BUG8446, Follow up: Enable configuration of match field

- Added clearer, more flexible, configuration of shibboleth attribute to
  koha borrower field matching for authentication
- Correcting of documentation to make it more clear to the current
  implementation
- Minor refactoring of code to reduce some code duplication

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:27:51 -03:00