Change #7598
Category | None |
Changed by | Mike Rylander <mrylander@gmail.com> |
Changed at | Fri 26 Feb 2021 12:46:27 |
Repository | git://git.evergreen-ils.org/Evergreen.git |
Project | Evergreen |
Branch | master |
Revision | 6dae50798574f3c35c4d6713355cf90cfe4adef4 |
Comments
LP#1871211: Shibboleth integration support

This commit adds Shibboleth integration to Evergreen for use in the OPAC. Using Shibboleth, libraries can authenticate patrons against a wide variety of 3rd party services, using many different protocols and standards.

Several settings control if, when and how to make use of the Shibboleth integration:

* Enable Shibboleth SSO for the OPAC - The main on/off switch.
* Allow both Shibboleth and native OPAC authentication - By default only one or the other will be allowed. This enables both native and Shibboleth login.
* Log out of the Shibboleth IdP - If supported by the IdP configured for use on the other side of Shibboleth, this tells Evergreen to tell Shibboleth to log out of the IdP on Evergreen logout.
* Shibboleth SSO Entity ID - If multiple IdPs are configured for Shibboleth, and available to a particular hostname, this setting defines the one to use for a given context org unit.
* Evergreen SSO matchpoint - The Evergreen-side user field to use when looking up the patron after successful SSO login.
* Shibboleth SSO matchpoint - The Shibboleth-side field, defined in the attribute map, that contains the IdP user identifier value used to look up the Evergreen patron.

Two Apache settings control how Evergreen interacts with Shibboleth:

* SetEnv sso_loc XXX, which acts in a way analogous to the physical_loc environment variable to define the context OU for SSO settings.
* ShibRequestSetting applicationId XXX, which helps Shibboleth identify the correct set of entity ID and attribute mapping configuration.

Additional Shibboleth-focused documentation and examples will be provided for system administrators.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Christine Burns <christine.burns@bc.libraries.coop>
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
Changed files
- Open-ILS/examples/apache_24/eg_vhost.conf.in
- Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
- Open-ILS/src/sql/Pg/950.data.seed-values.sql
- Open-ILS/src/sql/Pg/upgrade/XXXX.data.shib_sso.sql
- Open-ILS/src/templates/opac/parts/login/form.tt2
- Open-ILS/src/templates/opac/parts/topnav.tt2