Hi, You got logged out locally but not from the IdP. You can try this https://your-dspace/Shibboleth.sso/Logout ... You should direct this question to the team.
Regards, On Tuesday, February 1, 2022 at 11:14:55 PM UTC+3 jos...@udel.edu wrote: > Hi, > > I just found after logging out successfully on my dspace web site (I am > using Shibboleth authentication and DSPace 7.1), when I visit the site and > click "log in with Shibboleth" button, it lets me in automatically. How can > I completely log out? Is there anyway except clearing cookies on my web > browser? > > ---------------- > Joshua Kim > Web Developer, Library IT > Library, Museums and Press > University of Delaware > > > > On Tue, Feb 1, 2022 at 12:26 PM Joshua Kim <jos...@udel.edu> wrote: > >> Mark and Mohammad, >> >> I appreciate you both for pointing that out. The names of the attributes >> are unmatched. After changing the attribute names, it is working now. Thank >> you so much. >> >> ---------------- >> Joshua Kim >> Web Developer, Library IT >> Library, Museums and Press >> University of Delaware >> >> >> >> On Mon, Jan 31, 2022 at 10:21 PM Mohammad S. AlMutairi <alo...@gmail.com> >> wrote: >> >>> One way of debugging this to see the attributes sent from the IdP is >>> changing the URL after you see the error message your reported >>> (Authentication failed! ) to https://your-domain/Shibboleth.sso/Session >>> ... With this you will see the attributes themselves but not their values. >>> If you need to see the values too you need to change showAttributeValues >>> from false to true ( See the attached file ). You can find it in the >>> Shibboleth main SP config file (shibboleth2.xml). You don't need to restart >>> the shibboleth service for this change to take affect. This will show you >>> what attributes are being sent by the IdP and according to the DSpace >>> documentation ( DSpace treats the first and last name attributes >>> differently because they (along with email address) are the three pieces of >>> minimal information required to create a new user account.) so if you can >>> see these attributes are being sent from the IdP you can for this debugging >>> session edit [dspace]config/modules/authentication-shibboleth.cfg and >>> change the options you see on the lines below to what you got from the IdP >>> and you should see the new shibboleth user are able to login and his/her >>> profile is created. Try it and once you done do the attributes re-mapping >>> as Mark indicated. >>> >>> #authentication-shibboleth.netid-header = SHIB-NETID >>> #authentication-shibboleth.email-header = SHIB-MAIL >>> authentication-shibboleth.netid-header = uid >>> authentication-shibboleth.email-header = mail >>> >>> #authentication-shibboleth.firstname-header = SHIB-GIVENNAME >>> #authentication-shibboleth.lastname-header = SHIB-SURNAME >>> authentication-shibboleth.firstname-header = givenName >>> authentication-shibboleth.lastname-header = sn >>> >>> >>> On Tuesday, February 1, 2022 at 12:35:14 AM UTC+3 Mark H. Wood wrote: >>> >>>> On Mon, Jan 31, 2022 at 02:51:15PM -0500, Joshua Kim wrote: >>>> > My dev site uses Dspace 7.1 and Shibboleth authentication. I am new >>>> to >>>> > Shibboleth. SP and IP are set up (shibboleth related xml files >>>> correctly). >>>> > It passes the Shibboleth single sign on authentication but on my >>>> site, it >>>> > says "Authentication failed!". Can someone help me out with this? >>>> > >>>> > The DSpace log says >>>> > 2022-01-31 14:44:41,525 ERROR unknown unknown >>>> > org.dspace.authenticate.ShibAuthentication @ Shibboleth >>>> authentication was >>>> > not able to find a NetId, Email, or Tomcat Remote user $ >>>> > 2022-01-31 14:44:41,531 ERROR unknown unknown >>>> > org.dspace.authenticate.ShibAuthentication @ Unable to register new >>>> eperson >>>> > beca >>>> > use we are unable to find an email address along with first and last >>>> name >>>> > for the user. >>>> > NetId Header: 'SHIB-NETID'='null' (Optional) >>>> > Email Header: 'SHIB-MAIL'='null' >>>> > First Name Header: 'SHIB-GIVENNAME'='null' >>>> > Last Name Header: 'SHIB-SURNAME'='null' >>>> > 2022-01-31 14:44:41,533 INFO unknown unknown >>>> > org.dspace.app.rest.security.EPersonRestAuthenticationProvider @ >>>> > anonymous::failed_login:email=null, result=4 >>>> > 2022-01-31 14:44:41,536 ERROR unknown unknown >>>> > org.dspace.app.rest.security.StatelessLoginFilter @ Authentication >>>> failed >>>> > (status:401) >>>> > org.springframework.security.authentication.BadCredentialsException: >>>> Login >>>> > failed >>>> >>>> I would carefully check the SP configuration, specifically >>>> 'attribute-map.xml'. You need to talk to the people who run the IDP >>>> and find out what labels they used for the user's given name, surname, >>>> email address and unique identifier. These should be mapped to the >>>> request header names that DSpace is expecting: SHIB-GIVENNAME, >>>> SHIB-SURNAME, SHIB-MAIL, and SHIB-NETID using 'Attribute' elements in >>>> 'attribute-map.xml'. Different organizations may use different >>>> attribute names to refer to the same user qualities in their IDP >>>> configurations, so you need to map the ones your organization is using. >>>> >>>> -- >>>> Mark H. Wood >>>> Lead Technology Analyst >>>> >>>> University Library >>>> Indiana University - Purdue University Indianapolis >>>> 755 W. Michigan Street >>>> Indianapolis, IN 46202 >>>> 317-274-0749 <(317)%20274-0749> >>>> www.ulib.iupui.edu >>>> >>> -- >>> All messages to this mailing list should adhere to the Code of Conduct: >>> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "DSpace Technical Support" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to dspace-tech...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/dspace-tech/28a8d8bb-c223-4719-9538-ae7fd84c193fn%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/dspace-tech/28a8d8bb-c223-4719-9538-ae7fd84c193fn%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/d5919dc0-e9fd-458c-beda-21590a3327f7n%40googlegroups.com.
