- This patch adds shibboleth authentication to the staff client.
- Depending on how your URL structure works, you may or may not need a
second native Shibboleth service provider profile configured for this
to work.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
}
# If we are in a shibboleth session (shibboleth is enabled, a shibboleth match attribute is set and matches koha matchpoint)
- if ( $shib and $shib_login and $shibSuccess and $type eq 'opac' ) {
-
- # (Note: $type eq 'opac' condition should be removed when shibboleth authentication for intranet will be implemented)
+ if ( $shib and $shib_login and $shibSuccess) {
logout_shib($query);
}
}
my $shibSuccess = 0;
my ( $return, $cardnumber );
- # If shib is enabled and we have a shib login, does the login match a valid koha user
- if ( $shib && $shib_login && $type eq 'opac' ) {
+ # If shib is enabled and we have a shib login, does the login match a valid koha user
+ if ( $shib && $shib_login ) {
my $retuserid;
# Do not pass password here, else shib will not be checked in checkpw.
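Review bot: With `$type eq 'opac'` dropped from `if ( $shib && $shib_login )`, a Shibboleth match now opens staff-client sessions too, and nothing in this hunk shows where `$shib_login` comes from or that only the service provider can set it. If it is read from the request environment or headers (not visible here), the staff virtual host has to be covered by the SP so that a client cannot supply the match attribute itself. The commit message leaves that to the deployer ("may or may not need a second ... profile"). I would state the assumption above the condition, e.g. `# $shib_login is trusted only because the SP sets it; the staff vhost must be SP-protected`, and confirm that staff permission checks still run after this branch. The enclosing sub starts and ends outside the hunk.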
return 0;
}
+
# Logout from Shibboleth
sub logout_shib {
my ($query) = @_;
sub _get_uri {
my $protocol = "https://";
+ my $interface = C4::Context->interface;
+ $debug and warn "shibboleth interface: " . $interface;
+
+ my $return;
+ my $uri;
+ if ( $interface eq 'intranet' ) {
- my $uri = C4::Context->preference('OPACBaseURL') // '';
- if ($uri eq '') {
- $debug and warn 'OPACBaseURL not set!';
+ $uri = C4::Context->preference('staffClientBaseURL') // '';
+ if ($uri eq '') {
+ $debug and warn 'staffClientBaseURL not set!';
+ }
+ } else {
+ $uri = C4::Context->preference('OPACBaseURL') // '';
+ if ($uri eq '') {
+ $debug and warn 'OPACBaseURL not set!';
+ }
}
+
if ($uri =~ /(.*):\/\/(.*)/) {
my $oldprotocol = $1;
if ($oldprotocol ne 'https') {
$debug
and warn
- 'Shibboleth requires OPACBaseURL to use the https protocol!';
+ 'Shibboleth requires OPACBaseURL/staffClientBaseURL to use the https protocol!';
}
$uri = $2;
}
-
my $return = $protocol . $uri;
return $return;
}
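Review bot: The added `my $return;` near the top of `_get_uri` is declared again by the unchanged `my $return = $protocol . $uri;` at the end of the sub, which under `use warnings` reports a "masks earlier declaration in same scope" warning. The added declaration should simply be dropped. Separately, when `staffClientBaseURL` or `OPACBaseURL` is empty, the only signal is a warning gated on `$debug`, and the sub still returns the bare string `https://`. Since this value presumably feeds the Shibboleth login and logout targets, I would warn unconditionally there, e.g. `warn 'staffClientBaseURL not set!';`, so a misconfigured staff interface is visible in the logs.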
<div id="login_error"><strong>Error: </strong>Invalid username or password</div>
[% END %]
+[% IF (shibbolethAuthentication) %]
+<!-- This is what is displayed if shib login has failed -->
+[% IF (invalidShibLogin ) %]
+<div id="login_error"><Strong>Error: </strong>Shibboleth login failed</div>
+[% END %]
+<p>If you have a shibboleth account, please <a href="[% shibbolethLoginUrl %]">click here</a> to login.</p>
+[% END %]
+
<!-- login prompt time-->
<form action="[% script_name | html %]" method="post" name="loginform" id="loginform">
<input type="hidden" name="koha_login_context" value="intranet" />
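Review bot: `[% shibbolethLoginUrl %]` is written into the `href` attribute without a filter, while the form tag just below it in the same hunk uses `[% script_name | html %]`. How the URL is built is not visible here, but if any part of it is request-derived (a return target, for example), unescaped output lets a quote character break out of the attribute. I would write `<a href="[% shibbolethLoginUrl | html %]">click here</a>`. The opening `<Strong>` in the new error div should also be lowercase `<strong>` to match its closing tag and the existing error message above.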