On Tue, 11 Jun 2013, Mark H. Wood wrote:
> On Mon, Jun 10, 2013 at 06:39:54PM +0000, Pottinger, Hardy J. wrote: >> To anyone following along, Ben Ryan's description below is spot-on. It >> would be worth copying part of his message into the documentation. If I >> feel sufficiently full of pique, I might do so myself, though my day is >> pretty full of distractions already... I won't be offended if someone >> beats me to it. > > OK, I may be dense this week, but I'm still uncertain. This is a good > explanation of how Shibboleth lazy login works, but I still don't see > the one thing that a DSpace installer wants to know: > > What is the algorithm for calculating the proper value for > lazysession.loginurl, at my site, from my site's Apache configuration > (which may be different from yours and everyone else's) and my site's > Shibboleth configuration (which also may be different from yours and > everyone else's)? What files do I need to read, what values should > I look for, and how do I combine them to yield this local-path that > DSpace wants? > > The answer to that question would be proper documentation for this > feature of DSpace. I believe that the two shib admins who have spoken up (Ben / I ) have said this already.. lazysessions in the shib world is a way to tell the web container (apache) that we are using shibboleth for authn/z withOUT requiring a login right away. A lazy sesision configured <Location> block is as follows.. <Location /> AuthType shibboleth ShibRequestSetting requireSession 0 Require shibboleth </Location> The default (always works) way to get a shib session flow started when using the Shibboleth SP is hitting the following URL http(s)://<site>/Shibboleth.sso/Login I would guess the algorithm for calculating is .. :-) protocol + site + shibboleth handler + Login ... Once you are returned from that back to the dspace env/app it is assumed that the REMOTE_USER and any other headers are able to be pulled out by the dspace login routines or, that it (dspace) will be looking for them anyway.. ------ thanks kevin.foote ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
