Re: [Koha] Plack plus shibboleth

2018-09-21 Thread Ere Maijala
We use the ODBC driver with shibd, but I would advise against using that as the data source. The data is internal to Shibboleth and you'd have to accept the risk accompanied with trying to parse it. And then you'd still have to relay the Shibboleth session identifier somehow. --Ere Dave Shero

Re: [Koha] Plack plus shibboleth

2018-09-18 Thread Dave Sherohman
Yeah, Tomas' suggestion gave me a similar idea, of creating a standalone CGI shim which doesn't load any of the full koha infrastructure (it could probably be self-contained, using no Koha::*/C4::* modules at all) and just receives the shib tokens, then writes them into a database (or memcached), wh

Re: [Koha] Plack plus shibboleth

2018-09-17 Thread Ere Maijala
I'm not claiming that I understand the workflow, but just chiming in hoping that this may be useful. One approach with Shibboleth is to have a separate endpoint/path that handles the authentication after returning from the Shibboleth handler. In other words, if normal login is at /cgi-bin/koha/

Re: [Koha] Plack plus shibboleth

2018-09-17 Thread Renvoize, Martin
https://metacpan.org/pod/Mojolicious::Plugin::SAML is another option, but also relies on us switching away from Apache + Plack entirely and rather letting hypnotoad act as the server itself and doing away with the native service provider package entirely too.. but those are real long game goals ;)

Re: [Koha] Plack plus shibboleth

2018-09-17 Thread Renvoize, Martin
Sorry I've not got to this earlier, I'm languishing on that bug due to lack of funding/interest. You are entirely correct that there is no way to use environment variables when using apache merely as a proxy to plack, and that any middlewares etc just obfuscate this further moving it up the chain

Re: [Koha] Plack plus shibboleth

2018-08-28 Thread Tomas Cohen Arazi
I'm not familiar with the protocol workflow, but can't we just run some bits in CGI mode to avoid this? (I imagine this is about the callback PL). We already do this for other stuff. On Tue, 28 Aug 2018 07:39, Dave Sherohman wrote: > Plack::Auth::SSO::Shibboleth appears to fall into

Re: [Koha] Plack plus shibboleth

2018-08-28 Thread Dave Sherohman
Plack::Auth::SSO::Shibboleth appears to fall into the "just pushes the issue back a level... without actually solving the core issue" from my original post. Quoting the P::A::S::S docs, --- The real authenticating module lives inside the Apache web server, and is called "mod_shib". There are two

Re: [Koha] Plack plus shibboleth

2018-08-28 Thread Matthias Meusburger
Hi, Using something like Plack::Auth::SSO::Shibboleth might provide a solution to this problem. https://metacpan.org/pod/Plack::Auth::SSO::Shibboleth On 27/08/2018 at 20:12, Katrin Fischer wrote: Hi Dave, I am not aware of a way to run Shibboleth with Plack in a safe way at the moment, b

Re: [Koha] Plack plus shibboleth

2018-08-27 Thread Katrin Fischer
Hi Dave, I am not aware of a way to run Shibboleth with Plack in a safe way at the moment, but would also be very interested in seeing this resolved. It's a rather big issue for academic libraries here. Katrin On 27.08.2018 10:41, Dave Sherohman wrote: Hey, all! tl;dr: When running koha un

[Koha] Plack plus shibboleth

2018-08-27 Thread Dave Sherohman
Hey, all! tl;dr: When running koha under plack and using shibboleth authentication, what is the currently-recommended way to communicate auth details from mod_shib to koha? Long version: I'm in the process of converting our Koha installation from running under vanilla CGI to using plack/starman