[ http://jira.dspace.org/jira/browse/DS-187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mark Diggory updated DS-187:
----------------------------

    Attachment:     (was: dspace3688-ignoreScope-v3.patch)

> Allow anonymous user and scoped role header in Shibboleth auth method
> ---------------------------------------------------------------------
>
>                 Key: DS-187
>                 URL: http://jira.dspace.org/jira/browse/DS-187
>             Project: DSpace 1.x
>          Issue Type: Improvement
>          Components: DSpace API
>    Affects Versions: 1.5.2
>            Reporter: Andrea Bollini
>         Attachments: shib-dspace3613-new
>
>
> This issue has been created from the follow up of the DS-48 issue.
> Stuart Hicks, Systems Engineer at OhioLINK, has been working with a slightly
> older version of the patch than what was released today and found two things
> that we need in our environment:
> # Anonymous users - We can't guarantee that we'll get an eppn, email address,
> or much of anything else from the schools except the mandatory affiliation
> values. This is the issue that the attached patch addresses. Anonymous users
> are defaulted to a preset account dictated by the email-default value in
> dspace.cfg
> # Scoping - The authentication.shib.role handlers need to support scoping as
> we use eduPersonScopedAffiliation attributes rather than the unscoped variety.
> Here's the text from his patch (based on an earlier version) to allow
> anonymous, but Shibboleth authenticated users. Would it be possible to get
> this change incorporated into the main codebase?:
> diff -ur dspace-1_5-with-shib.orig/dspace/config/dspace.cfg > dspace-1_5-with-shib/dspace/config/dspace.cfg > --- dspace-1_5-with-shib.orig/dspace/config/dspace.cfg 2009-03-27 > 10:46:22.000000000 -0400 > +++ dspace-1_5-with-shib/dspace/config/dspace.cfg 2009-03-27 > 10:47:55.000000000 -0400 
> @@ -324,6 +324,10 @@ > # this option below forces the software to acquire the email from Tomcat. > #authentication.shib.email-use-tomcat-remote-user = true > > +# this is the default email used for Shib-authenticated sessions that > +# do not include user-identifiable data (eppn, mail, etc.) > +#authentication.shib.email-default = anonym...@example.org > + > # should we allow new users to be registered automtically > # if the IdP provides sufficient info (and user not exists in DRC) > #authentication.shib.autoregister = true > diff -ur > dspace-1_5-with-shib.orig/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java > > dspace-1_5-with-shib/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java > --- > dspace-1_5-with-shib.orig/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java > 2009-03-27 10:46:18.000000000 -0400 > +++ > dspace-1_5-with-shib/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java > 2009-03-27 11:09:21.000000000 -0400 > @@ -59,6 +59,7 @@ > > boolean isUsingTomcatUser = > ConfigurationManager.getBooleanProperty("authentication.shib.email-use-tomcat-remote-user"); > String emailHeader = > ConfigurationManager.getProperty("authentication.shib.email-header"); > + String emailDefault = > ConfigurationManager.getProperty("authentication.shib.email-default"); > > String email = null; 
> > @@ -82,6 +83,11 @@ > EPerson p = context.getCurrentUser(); > if(p != null) email = p.getEmail(); > } > + > + //Check to see if they provided a default account > + if(email == null && emailDefault != null){ > + email = emailDefault; > + } > > if(email == null){ > log.error("No email is given, you're denied access by Shib, > please release email address");

--
This message is automatically generated by JIRA.

_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel
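
Review bot: In the dspace.cfg hunk (@@ -324,6 +324,10 @@), the comment added above authentication.shib.email-default does not say that every Shibboleth session arriving without eppn or mail is logged in as the one account behind this address, so all such users share that account's permissions and anything recorded against it. Suggest extending the comment to say that the address should point at a dedicated account with minimal privileges, that leaving the option commented out keeps the existing behaviour of denying access, and how the option interacts with authentication.shib.autoregister directly below it.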
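
Review bot: In the ShibAuthentication.java hunk at @@ -82,6 +83,11 @@, the new fallback "if(email == null && emailDefault != null)" moves the session onto the shared default account without writing anything to the log, so a session that fell back because the IdP released no attributes looks the same as one where the email header is misnamed or missing through misconfiguration. Suggest a log.info or log.warn inside the block stating that the default account was used, and testing emailDefault for an empty value as well, since only null is checked here. The log.error text that follows still tells the user to release an email address even though it is now reached only when no default is configured; it could mention authentication.shib.email-default.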