X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth_with_shibboleth.pm;h=24246d51ecd00b664b7389bf4995d81345e4ed1b;hb=925f4ca1da780255163231a9d90cfe2e5424b943;hp=5485527712f987d04045fa8044612d49e65ab9be;hpb=9df099dc114d0101ef1091c30662a537e53e9826;p=koha.git diff --git a/C4/Auth_with_shibboleth.pm b/C4/Auth_with_shibboleth.pm index 5485527712..24246d51ec 100644 --- a/C4/Auth_with_shibboleth.pm +++ b/C4/Auth_with_shibboleth.pm @@ -27,6 +27,7 @@ use Koha::Patrons; use C4::Members::Messaging; use Carp; use CGI; +use List::Util qw(any); use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug); @@ -49,7 +50,6 @@ sub shib_ok { return 0; } - # Logout from Shibboleth sub logout_shib { my ($query) = @_; @@ -83,9 +83,14 @@ sub get_login_shib { my $config = _get_shib_config(); my $matchAttribute = $config->{mapping}->{ $config->{matchpoint} }->{is}; - $debug and warn $matchAttribute . " value: " . $ENV{$matchAttribute}; - return $ENV{$matchAttribute} || ''; + if ( any { /(^psgi\.|^plack\.)/i } keys %ENV ) { + $debug and warn $matchAttribute . " value: " . $ENV{"HTTP_".uc($matchAttribute)}; + return $ENV{"HTTP_".uc($matchAttribute)} || ''; + } else { + $debug and warn $matchAttribute . " value: " . $ENV{$matchAttribute}; + return $ENV{$matchAttribute} || ''; + } } # Checks for password correctness @@ -120,7 +125,11 @@ sub _autocreate { my %borrower = ( $config->{matchpoint} => $match ); while ( my ( $key, $entry ) = each %{$config->{'mapping'}} ) { - $borrower{$key} = ( $entry->{'is'} && $ENV{ $entry->{'is'} } ) || $entry->{'content'} || ''; + if ( any { /(^psgi|^plack)/i } keys %ENV ) { + $borrower{$key} = ( $entry->{'is'} && $ENV{"HTTP_" . uc($entry->{'is'}) } ) || $entry->{'content'} || ''; + } else { + $borrower{$key} = ( $entry->{'is'} && $ENV{ $entry->{'is'} } ) || $entry->{'content'} || ''; + } } my $patron = Koha::Patron->new( \%borrower )->store; 
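Review bot: The Plack test added to get_login_shib, `any { /(^psgi\.|^plack\.)/i } keys %ENV`, is not the same pattern the `_autocreate` hunk below uses (`/(^psgi|^plack)/i`, no dot), so the two routines can disagree about where attributes come from. A variable such as `PLACK_ENV` matches only the looser pattern. The login would then be read from the server variable while the fields of an auto-created patron are read from `HTTP_*` request headers, which Shibboleth may not be managing in that deployment. Because this test decides whether request headers are trusted as identity, it belongs in one private helper with one anchored pattern that both callers use, as sketched below. `uc()` alone also assumes the mapped attribute names contain no hyphen, which is worth confirming against the configured mappings. The `sub get_login_shib {` line itself is outside the hunk.

```perl
# Single place that decides whether attributes arrive as server variables
# (CGI) or as HTTP_* request headers (Plack).
sub _shib_env_value {
    my ($attribute) = @_;
    return unless $attribute;
    my $via_headers = any { /\A(?:psgi|plack)\./i } keys %ENV;
    return $via_headers ? $ENV{ 'HTTP_' . uc $attribute } : $ENV{$attribute};
}

# … unchanged: get_login_shib up to the $matchAttribute lookup …
    my $value = _shib_env_value($matchAttribute);
    $debug and warn $matchAttribute . " value: " . $value;
    return $value || '';
```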
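Review bot: The `any { ... } keys %ENV` test sits inside the `while ... each` loop of `_autocreate`, so %ENV is rescanned for every mapping entry although the answer cannot change during the loop. Compute it once above the loop, e.g. `my $via_headers = any { /(^psgi\.|^plack\.)/i } keys %ENV;`, and branch on `$via_headers`. In the header branch every mapped field of the new patron record is filled from an `HTTP_*` variable, so a comment above the loop should say what that relies on, for example `# Plack: attributes arrive as request headers; only trustworthy with Shibboleth header spoof checking in force`. `_autocreate` starts before and continues after this hunk.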
@@ -135,7 +144,6 @@ sub _get_uri { my $interface = C4::Context->interface; $debug and warn "shibboleth interface: " . $interface; - my $return; my $uri; if ( $interface eq 'intranet' ) { @@ -167,7 +175,7 @@ sub _get_shib_config { my $config = C4::Context->config('shibboleth'); if ( !$config ) { - carp 'shibboleth config not defined'; + carp 'shibboleth config not defined' if $debug; return 0; } @@ -249,13 +257,24 @@ Map their attributes to what you want to see in koha Tell apache that we wish to allow koha to authenticate via shibboleth. -This is as simple as adding the below to your virtualhost config: +This is as simple as adding the below to your virtualhost config (for CGI running): AuthType shibboleth Require shibboleth +Or (for Plack running): + + + AuthType shibboleth + Require shibboleth + ShibUseEnvironment Off + ShibUseHeaders On + + +IMPORTANT: Please note, if you are running in the plack configuration you should consult https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSpoofChecking for security advice regarding header spoof checking settings. (See also bug 17776 on Bugzilla about enabling ShibUseHeaders.) + =item 5. Configure koha to listen for shibboleth environment variables. @@ -309,6 +328,22 @@ Given a shib_login attribute, this routine checks for a matching local user and my ( $retval, $retcard, $retuserid ) = C4::Auth_with_shibboleth::checkpw_shib( $shib_login ); +=head2 _get_uri + + _get_uri(); + +A sugar function to that simply returns the current page URI with appropriate protocol attached + +This routine is NOT exported + +=head2 _get_shib_config + + my $config = _get_shib_config(); + +A sugar function that checks for a valid shibboleth configuration, and if found returns a hashref of it's contents + +This routine is NOT exported + =head2 _autocreate my ( $retval, $retcard, $retuserid ) = _autocreate( $config, $match );
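Review bot: With `carp 'shibboleth config not defined' if $debug;` a missing shibboleth block becomes silent in normal operation, while `_get_shib_config` still returns 0. `get_login_shib`, visible earlier in this diff, uses the result directly (`$config->{mapping}->{ ... }`) without testing it, so the failure would surface there without the message that explains it, presumably as a hash-dereference error under `use strict`. If the aim is only to quiet the log on sites that do not use Shibboleth, the callers should check the return value before dereferencing it, e.g. `my $config = _get_shib_config() or return '';`. The sub continues outside the hunk.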
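Review bot: The Plack snippet switches attribute delivery to request headers (`ShibUseHeaders On`), but the added text leaves the consequence for Koha implicit. The module will then accept the login and the auto-created patron fields from `HTTP_*` headers, which is only safe when every request reaches the application through this Shibboleth-protected virtual host. I would add a sentence next to the IMPORTANT paragraph such as `In this mode the Plack backend must not be reachable except through this Apache virtual host, and Shibboleth's spoof checking must stay enabled.`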