Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt
Martin Renvoize 3c9004357d BUG8446, Follow up: Improve local login fallback 
- Local fallback was not very well implemented, this patch adds
  better handling for such cases allowing clearer failure messages
- This patch also adds the ability to use single sign on via the
  top bar menu in the bootstrap theme.

BUG8446, Follow up: Adds perldoc documentation

- Add some documentation to the Auth_with_Shibboleth module
  including some guidance as to configuration.

BUG8446, Follow up: Correct filenames to match guidlines

- Moved Auth_with_Shibboleth.pm to Auth_with_shibboleth.pm to match
  other files present on the system.

BUG8446, Follow up: Correct paths after file rename

BUG8446, Follow up: Implemented single sign out

- This follow up rebases the code against 3.16+ which managed to break
  some of the original logic.
- As a side effect of the rebasing, we've also implemented the single
  sign out element. Upon logout, koha will request that the shibboleth
  session is destroyed, and then clear the local koha session upon
  return to koha.  Due to the nature of shibboleth however, you will
  only truly be signed out of the IdP if they properly support Single
  Sign Out (which many do not). As a consequence, although you may
  appear to be logged out in koha, you might find that upon clicking
  'login' the IdP does NOT request your login details again, but instead
  logs you silently back into your koha session. This is NOT a koha bug,
  but a shibboleth implementation issue that is well known.

BUG8446, Follow up: Fixed bootstrap login via modal

- The bootstrap theme enable login from any opac page via modal. To
  enable this with shibboleth we had to make some template parameters
  globally accessible when shibboleth is enabled.

BUG8446, Follow up: Add template rules for Shibboleth and CAS

- Add template rules so that CAS and Shibboleth can coexist.

BUG8446, Follow up: Added default config to config file

BUG8446, Follow up: Embellished perldoc documentation

- Updated perldoc to correct detail about configuring shibboleth
  authentication.
- Updated perldoc to include subroutines and their respective functions.

BUG8446, Follow up: Enable configuration of match field

- Added clearer, more flexible, configuration of shibboleth attribute to
  koha borrower field matching for authentication
- Correcting of documentation to make it more clear to the current
  implementation
- Minor refactoring of code to reduce some code duplication

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:27:51 -03:00

193 lines
10 KiB
Text
Raw Blame History

[% USE Koha %]
[% INCLUDE 'doc-head-open.inc' %]
[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog &rsaquo;
[% IF Koha.Preference( 'opacuserlogin' ) == 1 %]
Log in to your account
[% ELSE %]
Catalog login disabled
[% END %]
[% INCLUDE 'doc-head-close.inc' %]
[% BLOCK cssinclude %][% END %]
</head>
[% INCLUDE 'bodytag.inc' bodyid='opac-login-page' bodyclass='scrollto' %]
[% INCLUDE 'masthead.inc' %]
<div class="main">
<ul class="breadcrumb">
<li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">&rsaquo;</span></li>
<li><a href="#">Log in</a></li>
</ul>
<div class="container-fluid">
<div class="row-fluid">
<div class="span7 offset2">
<div id="opac-auth" class="maincontent">
<!--CONTENT-->
[% IF Koha.Preference( 'opacuserlogin' ) == 1 %]
[% IF ( nopermission ) %]
<!-- This is what is displayed if user doesnt have permission -->
<div class="alert">
<h3>Access denied</h3>
<p>Sorry, the system doesn't think you have permission to access this page. </p>
</div>
[% END %]
[% IF ( loginprompt ) %]
<!-- login prompt time-->
<h3>Log in to your account</h3>
[% IF ( timed_out ) %]
<!-- This is what is displayed if login has timed out -->
<div class="alert alert-info">
<p>Sorry, your session has timed out. Please log in again.</p>
</div>
[% END %]
[% IF ( different_ip ) %]
<!-- This is what is displayed if user doesnt have permission -->
<div class="alert alert-info">
<p>You are logging from a different IP address. Please log in again.</p>
</div>
[% END %]
[% IF ( invalid_username_or_password ) %]
<!-- This is what is displayed if user doesnt have permission -->
<div class="alert alert-info">
<p>You entered an incorrect username or password. Please try again! And remember, passwords are case sensitive.</p>
</div>
[% END %]
[% IF ( shibbolethAuthentication ) %]
[% IF ( invalidShibLogin ) %]
<!-- This is what is displayed if shibboleth login has failed to match a koha user -->
<div class="alert alert-info">
<p>
Sorry, your Shibboleth identity does not match a valid library identity.
[% IF ( casAuthentication ) %]
[% IF ( invalidCasLogin ) %]
<!-- This is what is displayed if cas login has failed -->
<p>Sorry, the CAS login also failed, if you have a local login you may use that below.</p>
[% ELSE %]
If you have a <acronym title="Central Authentication Service">CAS</acronym> account, you may use that below.
[% END %]
[% ELSE %]
If you have a local account, you may use that below.
[% END %]
</p>
</div>
[% ELSE %]
<h4>Shibboleth Login</h4>
<p>If you have a Shibboleth account,
please <a href="[% shibbolethLoginUrl %]">click here to login</a>.</p>
[% END %]
[% IF ( casAuthentication ) %]
<h4>CAS login</h4>
<p>If you do not have a Shibboleth account, but you do have a <acronym title="Central Authentication Service">CAS</acronym> account,
[% ELSE %]
<h4>Local login</h4>
<p>If you do not have a Shibboleth account, but you do have a local login, then you may login below:</p>
[% END %]
[% END %]
[% IF ( casAuthentication ) %]
[% IF ( shibbolethAuthentication ) %]
[% IF ( casServerUrl ) %]
please <a href="[% casServerUrl %]">click here to login</a>.<p>
[% END %]
[% IF ( casServersLoop ) %]
please choose against which one you would like to authenticate: </p>
<ul>
[% FOREACH casServer IN casServersLoop %]
<li><a href="[% casServer.value %]">[% casServer.name %]</a></li>
[% END %]
</ul>
[% END %]
[% ELSE %]
<h4>CAS login</h4>
[% IF ( invalidCasLogin ) %]
<!-- This is what is displayed if cas login has failed -->
<p>Sorry, the CAS login failed.</p>
[% END %]
<p>If you have a <acronym title="Central Authentication Service">CAS</acronym> account,
[% IF ( casServerUrl ) %]
please <a href="[% casServerUrl %]">click here to login</a>.<p>
[% END %]
[% IF ( casServersLoop ) %]
please choose against which one you would like to authenticate: </p>
<ul>
[% FOREACH casServer IN casServersLoop %]
<li><a href="[% casServer.value %]">[% casServer.name %]</a></li>
[% END %]
</ul>
[% END %]
[% END %]
[% IF ( shibbolethAuthentication ) %]
<p>Nothing</p>
[% ELSE %]
<h4>Local login</h4>
<p>If you do not have a CAS account, but do have a local account, you can still log in: </p>
[% END %]
[% END # / IF casAuthentication %]
<form action="[% url %]" name="auth" id="auth" method="post">
<input type="hidden" name="koha_login_context" value="opac" />
<fieldset class="brief">
[% FOREACH INPUT IN INPUTS %]
<input type="hidden" name="[% INPUT.name |html %]" value="[% INPUT.value |html %]" />
[% END %]
<label for="userid">Login</label>
<input type="text" size="25" id="userid" name="userid" />
<label for="password">Password</label><input type="password" size="25" id="password" name="password" />
</fieldset>
<input type="submit" value="Log in" class="btn" />
<div id="nologininstructions">
[% IF Koha.Preference('NoLoginInstructions') %]
[% Koha.Preference('NoLoginInstructions') %]
[% ELSE %]
<h5>Don't have a password yet?</h5><p> If you don't have a password yet, stop by the circulation desk the next time you're in the library. We'll happily set one up for you.</p>
<h5>Don't have a library card?</h5><p> If you don't have a library card, stop by your local library to sign up.</p>
[% END # / IF Koha.Preference('NoLoginInstructions') %]
[% IF PatronSelfRegistration && PatronSelfRegistrationDefaultCategory %]<span id="registrationinstructions">You may <a href="/cgi-bin/koha/opac-memberentry.pl">register here</a>.</span>[% END %]
</div>
</form>
[% END # / IF loginprompt %]
[% ELSE %]
<h4>Logging on to the catalog has not been enabled by the library.</h4>
<ul>
<li>To report this error, you can <a href="mailto:[% admin %]">email the Koha Administrator</a>.</li>
<li>Use top menu bar to navigate to another part of Koha.</li>
</ul>
[% END # / IF opacuserlogin %]
[% IF persona %]
<p><a href="#" class="persona-button" id="browserid" ><span>Sign in with your Email</span></a></p>
[% END %]
</div> <!-- /.opac-auth -->
</div> <!-- /.span12 -->
</div> <!-- /.row-fluid -->
</div> <!-- /.container-fluid -->
</div> <!-- /.main -->
[% INCLUDE 'opac-bottom.inc' %]
[% BLOCK jsinclude %]
<script type="text/javascript">
//<![CDATA[
// Hide circular 'Log in to Your Account' link in opac-auth.pl
$(document).ready(function() {
if ( $("#auth" ) ) { $("#members ul li a").hide(); }
});
//]]>
</script>
[% END %]
View git blame Copy permalink