wishlist: Single Sign on for Evergreen OPAC
Bug #1871211 reported by Andrea Neiman
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Evergreen | Fix Released | Wishlist | Unassigned |
Bug Description
This project is sponsored by Linn-Benton Community College and BC Libraries Cooperative.
We will be creating a single sign-on mechanism for the OPAC allowing authentication to happen against a configurable external source.
Availability and parameters of the feature will be controlled by various new library settings.
Full specs can be seen here:
https:/
tags: added: signedoff
Changed in evergreen:
assignee: nobody → Jane Sandberg (sandbej)
Changed in evergreen:
assignee: Jane Sandberg (sandbej) → nobody
status: New → Fix Committed
tags: removed: needsreleasenote
Changed in evergreen:
status: Fix Committed → Fix Released
Here is a branch implementing Shibboleth-based patron SSO for Evergreen. From the commit message:
This commit adds Shibboleth integration to Evergreen for use in the OPAC. Using Shibboleth, libraries can authenticate patrons against a wide variety of 3rd party services, using many different protocols and standards.
Several settings control if, when and how to make use of the Shibboleth integration:
* Enable Shibboleth SSO for the OPAC
- The main on/off switch.
* Allow both Shibboleth and native OPAC authentication
- By default only one or the other will be allowed. This enables both native and Shibboleth login.
* Log out of the Shibboleth IdP
- If supported by the IdP configured for use on the other side of Shibboleth, this tells Evergreen to tell Shibboleth to log out of the IdP on Evergreen logout.
* Shibboleth SSO Entity ID
- If multiple IdPs are configured for Shibboleth, and available to a particular hostname, this setting defines the one to use for a given context org unit.
* Evergreen SSO matchpoint
- The Evergreen-side user field to use when looking up the patron after successful SSO login.
* Shibboleth SSO matchpoint
- The Shibboleth-side field, defined in the attribute map, that contains the IdP user identifier value used to look up the Evergreen patron.
Two Apache settings control how Evergreen interacts with Shibboleth:
* SetEnv sso_loc XXX, which acts in a way analogous to the physical_loc environment variable to define the context OU for SSO settings.
* ShibRequestSetting applicationId XXX, which helps Shibboleth identify the correct set of entity ID and attribute mapping configuration.
Additional Shibboleth-focused documentation and examples will be provided for system administrators.
https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/miker/lp-1871211-Shib-patron-SSO
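The two matchpoint settings described in the commit message decide which local patron an IdP identity becomes, so the lookup should fail closed whenever the identifier is missing, multi-valued, or matches more than one patron. The sketch below is an added example, not code from the Evergreen branch. The setting keys, the `uid` and `usrname` field names, and the patron records are assumptions constructed for illustration.

```python
# Added illustration only: hypothetical names, not Evergreen's implementation.

class SSOMatchError(Exception):
    """The SSO identity could not be mapped to exactly one patron."""

def split_shib_values(raw):
    """Split a Shibboleth SP attribute string into its values.

    The SP joins multiple values with ';' and escapes a literal ';' as a
    backslash followed by ';'.
    """
    values, cur, i = [], [], 0
    while i < len(raw):
        if raw[i] == "\\" and raw[i + 1:i + 2] == ";":
            cur.append(";")
            i += 2
        elif raw[i] == ";":
            values.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(raw[i])
            i += 1
    values.append("".join(cur))
    return [v for v in values if v]

def resolve_patron(request_env, settings, patrons):
    """Return the single patron matching the IdP identifier, or fail closed."""
    if not settings["sso_enabled"]:
        raise SSOMatchError("SSO is not enabled for this org unit")
    values = split_shib_values(request_env.get(settings["shib_matchpoint"], ""))
    if len(values) != 1:
        raise SSOMatchError(f"expected one identifier, got {len(values)}")
    field = settings["evergreen_matchpoint"]
    hits = [p for p in patrons if p.get(field) == values[0]]
    if len(hits) != 1:
        raise SSOMatchError(f"{len(hits)} patrons match on {field}")
    return hits[0]

# Constructed sample data (setting keys and field names are assumptions).
SETTINGS = {"sso_enabled": True, "shib_matchpoint": "uid",
            "evergreen_matchpoint": "usrname"}
PATRONS = [{"id": 1, "usrname": "alice"}, {"id": 2, "usrname": "bob"},
           {"id": 3, "usrname": "bob"}]

if __name__ == "__main__":
    print(resolve_patron({"uid": "alice"}, SETTINGS, PATRONS))
```

Choosing an Evergreen matchpoint field that is unique per patron keeps the ambiguous-match branch from ever firing in production.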