From ea74ed57660219caeb3fb5512b03fc2109b292de Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Thu, 2 Mar 2017 16:40:11 +0000 Subject: [PATCH] Bug 17776: Enable Shibboleth for Plack https://bugs.koha-community.org/show_bug.cgi?id=17776 Signed-off-by: Matthias Meusburger Signed-off-by: Marcel de Rooy Signed-off-by: Nick Clemens --- C4/Auth.pm | 18 ++++++++---------- C4/Auth_with_shibboleth.pm | 21 ++++++++++++++++++--- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 7d330b57bc..303db34019 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -76,16 +76,7 @@ BEGIN { qw(shib_ok checkpw_shib logout_shib login_shib_url get_login_shib); # Check for good config - if ( shib_ok() ) { - - # Get shibboleth login attribute - $shib_login = get_login_shib(); - } - - # Bad config, disable shibboleth - else { - $shib = 0; - } + $shib = 0 unless shib_ok(); } if ($cas) { import C4::Auth_with_cas qw(check_api_auth_cas checkpw_cas login_cas logout_cas login_cas_url logout_if_required); @@ -161,6 +152,9 @@ sub get_template_and_user { my $in = shift; my ( $user, $cookie, $sessionID, $flags ); + # Get shibboleth login attribute + $shib_login = get_login_shib() if $shib; + C4::Context->interface( $in->{type} ); $in->{'authnotrequired'} ||= 0; @@ -790,6 +784,10 @@ sub _timeout_syspref { sub checkauth { my $query = shift; $debug and warn "Checking Auth"; + + # Get shibboleth login attribute + $shib_login = get_login_shib() if $shib; + # $authnotrequired will be set for scripts which will run without authentication my $authnotrequired = shift; my $flagsrequired = shift; diff --git a/C4/Auth_with_shibboleth.pm b/C4/Auth_with_shibboleth.pm index 421a562d24..371f015721 100644 --- a/C4/Auth_with_shibboleth.pm +++ b/C4/Auth_with_shibboleth.pm @@ -27,6 +27,7 @@ use Koha::Patrons; use C4::Members::Messaging; use Carp; use CGI; +use List::Util qw(any); use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug); @@ -82,9 +83,14 @@ sub get_login_shib { my $config = _get_shib_config(); my $matchAttribute = $config->{mapping}->{ $config->{matchpoint} }->{is}; - $debug and warn $matchAttribute . " value: " . $ENV{$matchAttribute}; - return $ENV{$matchAttribute} || ''; + if ( any { /(^psgi|^plack)/i } keys %ENV ) { + $debug and warn $matchAttribute . " value: " . $ENV{"HTTP_".uc($matchAttribute)}; + return $ENV{"HTTP_".uc($matchAttribute)} || ''; + } else { + $debug and warn $matchAttribute . " value: " . $ENV{$matchAttribute}; + return $ENV{$matchAttribute} || ''; + } } # Checks for password correctness @@ -247,11 +253,20 @@ Map their attributes to what you want to see in koha Tell apache that we wish to allow koha to authenticate via shibboleth. -This is as simple as adding the below to your virtualhost config: +This is as simple as adding the below to your virtualhost config (for CGI running): + + + AuthType shibboleth + Require shibboleth + + +Or (for Plack running): AuthType shibboleth Require shibboleth + ShibUseEnvironment Off + ShibUseHeaders On =item 5. -- 2.39.5