Change #7598
| Category | None |
| Changed by | Mike Rylander <mrylander@gmail.com> |
| Changed at | Fri 26 Feb 2021 12:46:27 |
| Repository | git://git.evergreen-ils.org/Evergreen.git |
| Project | Evergreen |
| Branch | master |
| Revision | 6dae50798574f3c35c4d6713355cf90cfe4adef4 |
Comments
LP#1871211: Shibboleth integration support
This commit adds Shibboleth integration to Evergreen for use in the
OPAC. Using Shibboleth, libraries can authenticate patrons against a
wide variety of 3rd party services, using many different protocols and
standards.
Several settings control if, when and how to make use of the Shibboleth
integration:
* Enable Shibboleth SSO for the OPAC
- The main on/off switch.
* Allow both Shibboleth and native OPAC authentication
- By default only one or the other will be allowed. This enables both
native and Shibboleth login.
* Log out of the Shibboleth IdP
- If supported by the IdP configured for use on the other side of
Shibboleth, this tells Evergreen to tell Shibboleth to log out of
the IdP on Evergreen logout.
* Shibboleth SSO Entity ID
- If multiple IdPs are configured for Shibboleth, and available to a
particular hostname, this setting defines the one to use for a
given context org unit.
* Evergreen SSO matchpoint
- The Evergreen-side user field to use when looking up the patron
after successful SSO login.
* Shibboleth SSO matchpoint
- The Shibboleth-side field, defined in the attribute map, that
contains the IdP user identifier value used to look up the Evergreen
patron.
Two apache sesttings control how Evergreen interacts with Shibboeth:
* SetEnv sso_loc XXX, which acts in a way analogous to the physical_loc
environment variable to define the context OU for SSO settings.
* ShibRequestSetting applicationId XXX, which helps Shibboleth identify
the correct set of entity ID and attribute mapping configuration.
Additional Shibboleth-focused documentation and examples will be
provided for system administrators.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Christine Burns <christine.burns@bc.libraries.coop>
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
Changed files
- Open-ILS/examples/apache_24/eg_vhost.conf.in
- Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
- Open-ILS/src/sql/Pg/950.data.seed-values.sql
- Open-ILS/src/sql/Pg/upgrade/XXXX.data.shib_sso.sql
- Open-ILS/src/templates/opac/parts/login/form.tt2
- Open-ILS/src/templates/opac/parts/topnav.tt2