About Features Downloads Getting Started Documentation Events Support GitHub

Love VuFind®? Consider becoming a financial supporter. Your support helps build a better VuFind®!

VuFind Documentation

Site Tools

You are here: start » configuration » shibboleth
Trace:
Warning: This page has not been updated in over over a year and may be outdated or deprecated.
configuration:shibboleth

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
configuration:shibboleth [2016/09/22 19:21] demiankatzconfiguration:shibboleth [2022/09/12 15:11] – Struct data changed emaijala
Line 1: Line 1:
 +====== Shibboleth Configuration ======
 +
 ===== Shibboleth Setup ===== ===== Shibboleth Setup =====
  
Line 10: Line 12:
     </If>     </If>
     <Else>     <Else>
-      Require all granted+      AuthType shibboleth 
 +      Require shibboleth
     </Else>     </Else>
 </code> </code>
 +
 +Note: the "Else" clause can simply be "require all granted" if you are not using the Shibboleth "logout" setting... but if you are using "logout," you need access to Shibboleth attributes at all times, and thus must always require the Shibboleth module.
  
 The settings on VuFind side are found in the Shibboleth section in config.ini. Starting with VuFind 4.0 debug level log includes Shibboleth authentication handler messages to aid in debugging any issues with the authentication. These messages include the environment variables so that you can check if the environment variables that the Shibboleth module sets up matc the variable names in config.ini. The settings on VuFind side are found in the Shibboleth section in config.ini. Starting with VuFind 4.0 debug level log includes Shibboleth authentication handler messages to aid in debugging any issues with the authentication. These messages include the environment variables so that you can check if the environment variables that the Shibboleth module sets up matc the variable names in config.ini.
Line 81: Line 86:
 </code> </code>
  
 +==== Testing the Logout Handler ====
 +
 +A logout request can be simulated to verify that the logout handler works:
 +
 +  - Start a session in VuFind. 
 +  - Do a search and check that it shows up in the search history.
 +  - Take note of the session id by e.g. checking cookies with browser's developer tools.
 +  - Add a mapping from an external ID ("Shibboleth session ID") to the external session database table with the mysql cli client (replace SESSION_ID with the ID from step 3): <code sql>
 +insert into external_session (session_id, external_session_id) values ('SESSION_ID', 'EXTERNAL_SESSION_ID');
 +</code>
 +  - Use the following command to issue a logout request (replace `https://localhost` with your VuFind's address if necessary): <code bash>
 +curl -X POST --header "Content-Type: text/xml;charset=UTF-8" \
 +--data \
 +'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> \
 +  <s:Body> \
 +    <LogoutNotification xmlns="urn:mace:shibboleth:2.0:sp:notify" type="global"> \
 +      <SessionID>EXTERNAL_SESSION_ID</SessionID> \
 +    </LogoutNotification> \
 +  </s:Body> \
 +</s:Envelope>' \
 +'https://localhost/soap/shiblogout'
 +</code>
 +===== Advanced Options =====
 +
 +See the [[:configuration:shibboleth:library_cards|Shibboleth and Library Cards]] page for details on setting up Shibboleth with VuFind's optional "Library Cards" feature.
 ---- struct data ---- ---- struct data ----
 +properties.Page Owner : emaijala
 ---- ----
  
configuration/shibboleth.txt · Last modified: 2022/10/28 11:09 by demiankatz