Hi George, While I don't know the exact answer you need (as Shibboleth admittedly can be complex and unique to how you have things setup), you may wish to review some of the hints/tips in the DSpace Shibboleth Plugin docs:
https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication Specifically, if your local IdP is not working properly, you could do some initial testing against https://www.testshib.org/ (which provides a sample/demo IdP) just to try and get the basics working. The problem could be in your shibboleth2.xml, or it's even possible you have something misconfigured in your "mod_shib" settings (which we do have a sample for in our docs) or authentication-shibboleth.cfg. So, it's possible that trying to do testing against https://www.testshib.org/ may help you narrow down the problem area. Just an idea, if you are stumped. If you *do* discover a mistake in our docs, or a clarification we should be making, definitely let us know as we'd love to enhance the docs further for others. - Tim On 2/27/2015 9:08 AM, George Stanley Kozak wrote: > Tim: > > Not a problem. I'm still struggling getting Shibboleth to work, but if I > figure it out, I will let everyone know what I found out (it's probably just > a simple configuration problem). > > -----Original Message----- > From: Tim Donohue [mailto:[email protected]] > Sent: Thursday, February 26, 2015 4:43 PM > To: [email protected] > Subject: Re: [Dspace-tech] Shibboleth login on DSpace 4.2 > > Hi George, > > Apologies, I just responded to the wrong thread. :) This was meant for > someone else, as you are obviously using Shibboleth authentication. > > - Tim > > On 2/26/2015 3:39 PM, Tim Donohue wrote: >> Hi George, >> >> Sorry for the delayed response. This issue sounds very similar to this bug: >> >> https://jira.duraspace.org/browse/DS-2421 >> >> Simply put, I'm fairly certain the LDAPAuthentication plugin is not >> working correctly *unless* you configure either: >> >> "search.anonymous=true" >> >> OR specify both: >> >> "search.user" and "search.password" >> >> These are all in the authentication-ldap.cfg configuration file. >> >> I'm still searching out a volunteer to help resolve this bug in the >> code. Unfortunately, I don't have an LDAP locally that I can easily >> test against. >> >> - Tim >> >> On 2/23/2015 1:47 PM, George Stanley Kozak wrote: >>> Hi... >>> >>> I'm trying to implement the Shibboleth Login as an option on my >>> DSpace V. 4.2 XMLUI system. >>> >>> I am getting the proper login screen, but after logging in, I get >>> "Authentication Failed" >>> >>> In the DSPace logs, I see: >>> >>> ERROR org.dspace.authenticate.ShibAuthentication @ Shibboleth >>> authentication was not able to find a NetId, Email, or Tomcat Remote >>> user for which to indentify a user from. >>> >>> ERROR org.dspace.authenticate.ShibAuthentication @ Unable to register >>> new eperson because we are unable to find an email address along with >>> first and last name for the user. >>> >>> NetId Header: 'SHIB-NETID'='null' (Optional) >>> >>> Email Header: 'SHIB-MAIL'='null' >>> >>> First Name Header: 'SHIB-GIVENNAME'='null' >>> >>> Last Name Header: 'SHIB-SURNAME'='null' >>> >>> I'm trying to debug that now. I am wondering if I have the entityID >>> and homeURL set correctly in my shibboleth2.xml file. >>> >>> What is the recommended settings for these values if one is using a >>> DSpace installation? >>> >>> Thank you in advance for any help or suggestions. >>> >>> George Kozak >>> >>> Digital Library Specialist >>> >>> Cornell University Library Information Technologies (CUL-IT) >>> >>> 218 Olin Library >>> >>> Cornell University >>> >>> Ithaca, NY 14853 >>> >>> 607-255-8924 >>> >>> >>> >>> --------------------------------------------------------------------- >>> --------- >>> >>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >>> from Actuate! Instantly Supercharge Your Business Reports and >>> Dashboards with Interactivity, Sharing, Native Excel Exports, App >>> Integration & more Get technology previously reserved for >>> billion-dollar corporations, FREE >>> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg >>> .clktrk >>> >>> >>> >>> >>> _______________________________________________ >>> DSpace-tech mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/dspace-tech >>> List Etiquette: >>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette >>> > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > DSpace-tech mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dspace-tech > List Etiquette: > https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette > ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
