Hi, seems to me that we have that in our fork of dspace (see example configuration in https://github.com/ufal/clarin-dspace/pull/744/files#diff-7af0c4da25387f79141b778592fa58fbR211). Though our ShibbolethAuthentication is different from the original, so it might not be that straightforward to cherry-pick just this change.
Btw I think DSpace 5.x and 6.x are now only receiving bug fixes, so I wouldn't expect new features there. Regards, Ondrej Dne pátek 12. ledna 2018 15:24:44 UTC+1 Jakub Řihák napsal(a): > > Dear all, > > we would like to assing users to DSpace Role-Based groups authenticated > with ShibAuthentication plugin using values from multiple Shibboleth > headers, for example: > > - assign users with value of Affiliation attribute = 'student' and value > of DisabledCategory attribute = 'A1' to predefined DSpace group > 'DisableStudent' to provide access to digitized materials that can only be > available for 'disabled students' > > - assign users with value of 'Affiliation attribute = 'member-1lf' and > value of 'AffiliationRole' = studentCorrdinator to predefined DSpace group > 'FacultyCoordinator1LF" to provide admin rights for DSpace collections to > users based on their affiliation within the university and their role > stored in our IdP > > etc. > > As far as I know, there is no way with current implementation of > ShibbolethAuthentication plugin to take into account multiple Shibboleth > headers and their values when assigning user to a Group after he's > authenticated, am I right? ShibbolethAuthentication plugin seems to take > into account only values from one Shibboleth Header defined in > ShibAuthentication.cfg file. > > Could you perhaps tell me, if anyone tried to achieve something similar? > > As it is (hopefully) apparent from examples, we need far greater > granularity when assigning authenticated users to DSpace groups. Right know > we are discussing our possibilities: > > I think we have three possibilities: > - 'calculate' correct user role based on multiple user attributes on the > side of IdP and send send 'calculated dspace group' as a value of some > Shibboleth Header the is defined in ShibAuthentication plugin (requires > programming) > > - use a standalone program to fetch user attributes from IdP and > preprocess them for DSpace ShibAuthentication plugin (requires programming) > > - modify ShibbolethAuthentication plugin in our DSpace instalation to look > for values from multiple ShibHeaders and assign users to groups based on > some newly programmed logic (requires programming as well) > > It would be very helpful to know, if there were some attempts to do this > on the 'DSpace side' and/or if this would be a viable way how to improve > DSpace Authentication Plugin. > > We are using DSpace 5.6, so it might be better to just wait for newer > version of DSpace where this might be solved? > > Thank you for any answer or suggestion, > with best regards, > > Jakub Řihák > Charles University > Prague, Czech Republic > -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
