[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2022-06-23 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #16 from David Cook  ---
Just noting that I've signed off Bug 30988 so it would be great to get some QA
eyes on it.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2022-06-20 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #15 from David Cook  ---
While this patch has more functionality than bug 30988, it was originally
written for a buggy OIDC IdP 8 years ago and it's outdated in a number of ways. 

While I run a newer local version in prod (and I probably will keep running it
locally), I actually want to re-write this functionality using Mojolicious. In
fact, there's already a plugin to take care of the majority of it:
https://metacpan.org/pod/Mojolicious::Plugin::OAuth2

But I'm not planning on doing that any time soon, so I'm happy to endorse bug
30988 as the replacement for bug 21586, since Shi Yao Wang is actively working
on that one.


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2022-06-20 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

David Cook  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #14 from David Cook  ---


*** This bug has been marked as a duplicate of bug 30988 ***


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2021-05-24 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

David Cook  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28420


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2021-05-23 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

David Cook  changed:

   What|Removed |Added

 CC||mark.jaro...@gmail.com


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2020-06-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

David Cook  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25796


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2020-01-30 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #13 from Michal Denar  ---
Great news, David.


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2020-01-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #12 from David Cook  ---
I decided to make some strides on generic authentication and opened
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24539

I've refactored my OpenID Connect code to take advantage of a standard generic
interface in Auth.pm and opac-auth.tt. 

I still have some work to do on the endpoint that triggers the login, but I
have some ideas about that.


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2020-01-21 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #11 from David Cook  ---
Created attachment 97684
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=97684&action=edit
Local login plus external login

Example of local login plus external logins.

The links/buttons are for URLs like this:

https://gitlab.com/users/auth/google_oauth2
https://gitlab.com/users/auth/twitter

It would be interesting to have plugins so that we could do things like:

https://koha/users/auth/google
https://koha/users/auth/custom_idp1
https://koha/users/auth/custom_idp2


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2020-01-20 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #10 from David Cook  ---
I don't have plans to work on this at present, but it is an interest of mine,
so if I find myself with spare time, I would work on it (although the OAI-PMH
harvester is a competing albeit much more complex interest).


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2020-01-20 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #9 from David Cook  ---
Actually, this one would be great to add as an "Authentication Plugin" for
Koha. 

Looking at my code, the only parts of it which don't lend themselves to a plugin
architecture are the changes to Auth.pm and opac-auth.tt.

However, we could probably remove the necessity for opac-auth.tt changes.

And we could add hooks into Auth.pm for login and logout. Looking at my code,
those shouldn't be that hard to add. 

--

One of the interesting things with this work was setting up multiple OpenID
Connect providers. I'm not sure how often that would actually be a requirement
(as I think people sometimes use another IdP to federate others together) but
it was originally a requirement for my work, and it's something I've seen other
people ask for online. 

--

Really we should be able to use OpenID Connect against Google and any other
compliant IdP (like Keycloak).


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2020-01-20 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #8 from David Cook  ---
This code is out of date, and has a few known problems. However, I have a newer
version, which I actually have working with the Keycloak OpenID Connect
Identity Provider.

For testing purposes, I very easily ran up an instance in Docker
(https://hub.docker.com/r/jboss/keycloak/), and after resolving a bug in my
code, I was able to successfully authenticate and auto-add a patron to Koha. 

It's worth noting that I have used Keycloak for other projects for a while now,
so the server configuration was trivial for me, but it might not be obvious at
a glance. There is lots of documentation though. 

Might also be worth noting that Keycloak is sponsored by Red Hat and forms the
core of RH-SSO, which Red Hat actually uses for all its own AuthN purposes. 

Note that even though I have a new version of the code that works, I'd actually
like to redo my code for this one.


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2019-10-25 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

Stefan Berndtsson  changed:

   What|Removed |Added

 CC||stefan.berndts...@ub.gu.se


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2019-05-05 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

Katrin Fischer  changed:

   What|Removed |Added

 CC||o...@critfc.org

--- Comment #7 from Katrin Fischer  ---
*** Bug 3237 has been marked as a duplicate of this bug. ***


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2019-01-23 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #6 from David Cook  ---
Happy for other people to work on this. This isn't really a priority for me at
the moment, although it would be a great addition to Koha!


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2018-11-05 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #5 from David Cook  ---
I've recently been looking at Keycloak https://www.keycloak.org and I'm
thinking it could be something that we use for testing this.


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2018-10-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #4 from David Cook  ---
Comment on attachment 80689
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80689
Bug 21586: Add generic OpenIDConnect client implementation

Review of attachment 80689:
 --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=21586&attachment=80689)
-

::: C4/Auth.pm
@@ +1789,4 @@
>  }
>  else {
>  # catch all defaults to tmp should work on all systems
> +my $dir = C4::Context::temporary_directory();
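
Review bot: the added line "my $dir = C4::Context::temporary_directory();" in the catch-all else branch of C4/Auth.pm is unrelated to the OpenIDConnect client this patch is titled for, so it should be dropped here or submitted under its own bug where the change to C4::Auth can be reviewed separately. If it stays, note that a lexical declared with "my" inside the else block is visible only within that block, so confirm that every later use of $dir sits inside the same block.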

Ooops. This was a local fix that I did so that C4::Auth would compile for my
client side git hook...I should take that out.


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2018-10-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

Martin Renvoize  changed:

   What|Removed |Added

 CC||martin.renvoize@ptfs-europe.com


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2018-10-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #3 from David Cook  ---
login_openidc is a bit outdated with its POD...

Additional configuration options to consider as children of the "provider"
element:

client_secret_post
form
https://provider/openidconnect/destroy_session

Another optional child of the "mapping" element:

company_name

(I added this since OpenIDConnect technically allows providers to provide
non-typical claims too. This could use a better mechanism for configuration.)


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2018-10-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #2 from David Cook  ---
To test:
1) View the =head1 DESCRIPTION in opac/svc/login_openidc. It tells you to write
a large chunk of XML into koha-conf.xml. (NOTE: The "prosentient" element is a
sibling to the "config" element. The only parent to the "prosentient" element
is the "yazgfs" element. This is very important.)

2) Configure koha-conf.xml to point to the OpenIDConnect server to which you
want to connect. 

3) Change $debugging in opac/svc/login_openidc from 0 to 1. This will help you
with your troubleshooting considerably.

4) On your Koha OPAC, using a system preference, add a URL like
http://your-koha-host/cgi-bin/koha/svc/login_openidc?pid=foo

5) Click on that link and it should redirect you to a login page for your
upstream authentication provider. After you fill that out, you should be
returned to your Koha as a logged in user (NOTE: email address is used for
matching... if your email address already exists in Koha, you'll be logged in
as that user. If your email address doesn't exist, a new user will be created
with your details from your upstream provider.)

--

If I've missed anything, comment here or reach me on IRC, and I can provide
more details!


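The login-or-create rule described in step 5 of the test plan above, as an added example that is not code from the attachment or from Koha: it shows the checks a reviewer would want in place before an email address supplied by an identity provider is allowed to select an existing account. The patron list and the function name resolve_patron are hypothetical, the claim sets are constructed, and "email", "email_verified" and "sub" are standard OpenID Connect claims; the ID token's signature, issuer, audience and expiry are assumed to have been verified already.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: a stand-in for the patron table (not Koha's schema).
my @patrons = (
    { id => 1, email => 'alice@example.org' },
    { id => 2, email => 'shared@example.org' },
    { id => 3, email => 'Shared@Example.org' },
);

# Decide what to do with the claims of an already-validated ID token.
# Returns a hashref: { action => 'login' | 'create' | 'reject', ... }.
sub resolve_patron {
    my ( $claims, $patrons ) = @_;

    my $email = $claims->{email};
    return { action => 'reject', reason => 'no usable email claim' }
        unless defined $email && $email =~ /\A[^\@\s]+\@[^\@\s]+\z/;

    # email_verified should be a JSON boolean, but some providers send the
    # string "false", which is truthy in Perl. A missing claim is unverified.
    my $v        = $claims->{email_verified};
    my $verified = defined $v && $v && lc("$v") ne 'false';
    return { action => 'reject', reason => 'email not verified by provider' }
        unless $verified;

    my $wanted  = lc $email;
    my @matches = grep { lc( $_->{email} // '' ) eq $wanted } @$patrons;

    # Several patrons share the address: picking one would be a guess.
    return { action => 'reject', reason => 'ambiguous email match' }
        if @matches > 1;

    return { action => 'login', patron_id => $matches[0]{id} }
        if @matches == 1;

    # No existing patron: provision one from the provider's details.
    return { action => 'create', email => $wanted, sub => $claims->{sub} };
}

# Constructed claim sets, shaped as a JSON decoder would return them.
my @cases = (
    { sub => 'u1', email => 'Alice@Example.org',  email_verified => 1 },
    { sub => 'u2', email => 'alice@example.org',  email_verified => 'false' },
    { sub => 'u3', email => 'shared@example.org', email_verified => 1 },
    { sub => 'u4', email => 'new@example.org',    email_verified => 1 },
    { sub => 'u5' },
);

for my $c (@cases) {
    my $r = resolve_patron( $c, \@patrons );
    printf "%-4s %-20s -> %s%s\n", $c->{sub}, $c->{email} // '(none)',
        $r->{action}, $r->{reason} ? " ($r->{reason})" : '';
}
```

With more than one provider configured, the same decision would normally be keyed on the provider id together with the "sub" claim once an account has been linked, with email used only for the first match.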

[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2018-10-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

--- Comment #1 from David Cook  ---
Created attachment 80689
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80689&action=edit
Bug 21586: Add generic OpenIDConnect client implementation

BEWARE: This patch is not ready for sign off!

This is partially since it exists within Prosentient namespaces,
and partially because a lot of things could probably be improved,
since I originally wrote this code 4 years ago for 1 specific
client.

I'm adding this patch so that others can look at this work,
and either adapt it themselves, or test it and give me feedback
so that I can update it.

I can't guarantee that it works in its current state, as the latest
version I support with this code is 17.05, and I've touched up
a few things here and there that differ from my running code.


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2018-10-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

David Cook  changed:

   What|Removed |Added

   Assignee|koha-b...@lists.koha-community.org |dc...@prosentient.com.au


[Koha-bugs] [Bug 21586] Add generic OpenIDConnect client implementation

2018-10-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21586

Josef Moravec  changed:

   What|Removed |Added

 CC||blac...@gmail.com,
   ||josef.mora...@gmail.com
