Shibboleth and other auth modules: Difference between revisions
Jump to navigation
Jump to search
m (Milan moved page Shibboleth auth to Shibboleth and other auth modules) |
|
(No difference)
| |
Revision as of 11:31, 26 February 2024
Prerequisites
- installed functional Shibboleth-sp in Apache2 (or SW with similar functionality). The installation is beyond the scope of this document.
How does it work
When enabled in the GUI settings then the GUI search for the REMOTE_USER header (provided by Shibboleth sp) and uses it as auth user.
Configuration
- enable it with GUI->Settings->System configuration : Use Shibboleth for auth
- it still requires some GUI's users for privileges settings
- One user can be setup as default user for Shibboleth. See 'Default Shibboleth account' checkbox in GUI->Users & Audit->Users -> selected user
Usage
- after the Shibboleth auth the GUI's Shibboleth button will appear in GUI login dialog
- after clicking on this button the content of REMOTE_USER header is used as the user in the GUI database for getting user's privileges
- if an user is not found then the user with set checkbox 'Default Shibboleth account' is used (if set)
- login is done
Note about logout
The Shibboleth logout URL is constructed from Shib-Handler header + '/Logout' string. If not available then from HTTP_HOST header + '/Shibboleth.sso/Logout' string.