Bug 17776: Enable Shibboleth for Plack

https://bugs.koha-community.org/show_bug.cgi?id=17776

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 7d330b5..303db34 100644 (file)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -76,16 +76,7 @@ BEGIN {
           qw(shib_ok checkpw_shib logout_shib login_shib_url get_login_shib);
 
         # Check for good config
-        if ( shib_ok() ) {
-
-            # Get shibboleth login attribute
-            $shib_login = get_login_shib();
-        }
-
-        # Bad config, disable shibboleth
-        else {
-            $shib = 0;
-        }
+        $shib = 0 unless shib_ok();
     }
     if ($cas) {
         import C4::Auth_with_cas qw(check_api_auth_cas checkpw_cas login_cas logout_cas login_cas_url logout_if_required);
@@ -161,6 +152,9 @@ sub get_template_and_user {
     my $in = shift;
     my ( $user, $cookie, $sessionID, $flags );
 
+    # Get shibboleth login attribute
+    $shib_login = get_login_shib() if $shib;
+
     C4::Context->interface( $in->{type} );
 
     $in->{'authnotrequired'} ||= 0;
@@ -790,6 +784,10 @@ sub _timeout_syspref {
 sub checkauth {
     my $query = shift;
     $debug and warn "Checking Auth";
+
+    # Get shibboleth login attribute
+    $shib_login = get_login_shib() if $shib;
+
     # $authnotrequired will be set for scripts which will run without authentication
     my $authnotrequired = shift;
     my $flagsrequired   = shift;

diff --git a/C4/Auth_with_shibboleth.pm b/C4/Auth_with_shibboleth.pm
index 421a562..371f015 100644 (file)
--- a/C4/Auth_with_shibboleth.pm
+++ b/C4/Auth_with_shibboleth.pm
@@ -27,6 +27,7 @@ use Koha::Patrons;
 use C4::Members::Messaging;
 use Carp;
 use CGI;
+use List::Util qw(any);
 
 use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug);
 
@@ -82,9 +83,14 @@ sub get_login_shib {
     my $config = _get_shib_config();
 
     my $matchAttribute = $config->{mapping}->{ $config->{matchpoint} }->{is};
-    $debug and warn $matchAttribute . " value: " . $ENV{$matchAttribute};
 
-    return $ENV{$matchAttribute} || '';
+    if ( any { /(^psgi|^plack)/i } keys %ENV ) {
+      $debug and warn $matchAttribute . " value: " . $ENV{"HTTP_".uc($matchAttribute)};
+      return $ENV{"HTTP_".uc($matchAttribute)} || '';
+    } else {
+      $debug and warn $matchAttribute . " value: " . $ENV{$matchAttribute};
+      return $ENV{$matchAttribute} || '';
+    }
 }
 
 # Checks for password correctness
@@ -247,11 +253,20 @@ Map their attributes to what you want to see in koha
 
 Tell apache that we wish to allow koha to authenticate via shibboleth.
 
-This is as simple as adding the below to your virtualhost config:
+This is as simple as adding the below to your virtualhost config (for CGI running):
+
+ <Location />
+   AuthType shibboleth
+   Require shibboleth
+ </Location>
+
+Or (for Plack running):
 
  <Location />
    AuthType shibboleth
    Require shibboleth
+   ShibUseEnvironment Off
+   ShibUseHeaders On
  </Location>
 
 =item 5.