Change #7598

Category None
Changed by Mike Rylander <mrylanderohnoyoudont@gmail.com>
Changed at Fri 26 Feb 2021 12:46:27
Repository git://git.evergreen-ils.org/Evergreen.git
Project Evergreen
Branch master
Revision 6dae50798574f3c35c4d6713355cf90cfe4adef4

Comments

LP#1871211: Shibboleth integration support
This commit adds Shibboleth integration to Evergreen for use in the
OPAC.  Using Shibboleth, libraries can authenticate patrons against a
wide variety of 3rd party services, using many different protocols and
standards.

Several settings control if, when and how to make use of the Shibboleth
integration:
 * Enable Shibboleth SSO for the OPAC
  - The main on/off switch.
 * Allow both Shibboleth and native OPAC authentication
  - By default only one or the other will be allowed.  This enables both
    native and Shibboleth login.
 * Log out of the Shibboleth IdP
  - If supported by the IdP configured for use on the other side of
    Shibboleth, this tells Evergreen to tell Shibboleth to log out of
    the IdP on Evergreen logout.
 * Shibboleth SSO Entity ID
  - If multiple IdPs are configured for Shibboleth, and available to a
    particular hostname, this setting defines the one to use for a
    given context org unit.
 * Evergreen SSO matchpoint
  - The Evergreen-side user field to use when looking up the patron
    after successful SSO login.
 * Shibboleth SSO matchpoint
  - The Shibboleth-side field, defined in the attribute map, that
    contains the IdP user identifier value used to look up the Evergreen
    patron.

Two Apache settings control how Evergreen interacts with Shibboleth:
 * SetEnv sso_loc XXX, which acts in a way analogous to the physical_loc
   environment variable to define the context OU for SSO settings.
 * ShibRequestSetting applicationId XXX, which helps Shibboleth identify
   the correct set of entity ID and attribute mapping configuration.

Additional Shibboleth-focused documentation and examples will be
provided for system administrators.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Christine Burns <christine.burns@bc.libraries.coop>
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>

Changed files