[Dspace-devel] [DSpace-JIRA] Commented: (DS-187) Allow anonymous user and scoped role header in Shibboleth auth method

[E. Stuart Hicks (JIRA)]

    [ 
http://jira.dspace.org/jira/browse/DS-187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=10510#action_10510
 ] 

E. Stuart Hicks commented on DS-187:
------------------------------------

Just curious to see if any progress on this has been made or if it's being 
preempted by DSpace 2.0.  We do have a 1.5 instance that will require anonymous 
Shib support in the near future and the idea of taking said instance and 
rebuilding it under 2.0 is not appealing in any way.

> Allow anonymous user and scoped role header in Shibboleth auth method
> ---------------------------------------------------------------------
>
>                 Key: DS-187
>                 URL: http://jira.dspace.org/jira/browse/DS-187
>             Project: DSpace 1.x
>          Issue Type: Improvement
>          Components: DSpace API
>    Affects Versions: 1.5.2
>            Reporter: Andrea Bollini
>         Attachments: shib-dspace3613-new
>
>
> This issue has been created from the follow up of the DS-48 issue.
> Stuart Hicks, Systems Engineer at OhioLINK, has been working with a slightly 
> older version of the patch than what was released today and found two things 
> that we need in our environment:
> # Anonymous users - We can't guarantee that we'll get an eppn, email address, 
> or much of anything else from the schools except the mandatory affiliation 
> values. This is the issue that the attached patch addresses. Anonymous users 
> are defaulted to a preset account dictated by the email-default value in 
> dspace.cfg
> # Scoping - The authentication.shib.role handlers need to support scoping as 
> we use eduPersonScopedAffiliation attributes rather than the unscoped variety.
> Here's the text from his patch (based on an earlier version) to allow 
> anonymous, but Shibboleth authenticated users. Would it be possible to get 
> this change incorporated into the main codebase?:
> diff -ur dspace-1_5-with-shib.orig/dspace/config/dspace.cfg 
> dspace-1_5-with-shib/dspace/config/dspace.cfg
> --- dspace-1_5-with-shib.orig/dspace/config/dspace.cfg 2009-03-27 
> 10:46:22.000000000 -0400
> +++ dspace-1_5-with-shib/dspace/config/dspace.cfg 2009-03-27 
> 10:47:55.000000000 -0400
> @@ -324,6 +324,10 @@
>  # this option below forces the software to acquire the email from Tomcat.
>  #authentication.shib.email-use-tomcat-remote-user = true
>  
> +# this is the default email used for Shib-authenticated sessions that
> +# do not include user-identifiable data (eppn, mail, etc.)
> +#authentication.shib.email-default = anonym...@example.org
> +
>  # should we allow new users to be registered automtically
>  # if the IdP provides sufficient info (and user not exists in DRC)
>  #authentication.shib.autoregister = true
> diff -ur 
> dspace-1_5-with-shib.orig/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
>  
> dspace-1_5-with-shib/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
> --- 
> dspace-1_5-with-shib.orig/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
>  2009-03-27 10:46:18.000000000 -0400
> +++ 
> dspace-1_5-with-shib/dspace-api/src/main/java/au/edu/mq/melcoe/mams/dspace/authenticate/ShibAuthentication.java
>  2009-03-27 11:09:21.000000000 -0400
> @@ -59,6 +59,7 @@
>          
>          boolean isUsingTomcatUser = 
> ConfigurationManager.getBooleanProperty("authentication.shib.email-use-tomcat-remote-user");
>          String emailHeader = 
> ConfigurationManager.getProperty("authentication.shib.email-header");
> + String emailDefault = 
> ConfigurationManager.getProperty("authentication.shib.email-default");
>          
>          String email = null;
>          
> @@ -82,6 +83,11 @@
>              EPerson p = context.getCurrentUser();
>              if(p != null) email = p.getEmail();
>          }
> +
> + //Check to see if they provided a default account
> + if(email == null && emailDefault != null){
> + email = emailDefault;
> + }
>          
>          if(email == null){
>              log.error("No email is given, you're denied access by Shib, 
> please release email address");

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.dspace.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel