Difference between revisions of "Shibboleth and other auth modules"

Revision as of 17:42, 9 February 2024

Prerequisites

installed functional Shibboleth-sp in Apache2 (or SW with similar functionality). The installation is beyond the scope of this document.

How does it work

When enabled in the GUI settings then the GUI search for the REMOTE_USER header (provided by Shibboleth sp) and uses it as auth user.

Configuration

enable it with GUI->Settings->System configuration : Use Shibboleth for auth
One user can be setup as default user for Shibboleth. See 'Default Shibboleth account' checkbox in GUI->Users & Audit->Users -> selected user

Usage

after the Shibboleth auth the GUI's Shibboleth button will appear in GUI login dialog
after clicking on this button the content of REMOTE_USER header is used as the user in the GUI database for getting user's privileges
if an user is not found then the user with set checkbox 'Default Shibboleth account' is used (if set)
login is done

Note about logout

The Shibboleth logout URL is constructed from Shib-Handler header + '/Logout' string. If not available then from HTTP_HOST header + '/Shibboleth.sso/Logout' string.

@@ Line 10: / Line 10: @@
 * enable it with GUI->Settings->System configuration : Use Shibboleth for auth
+* One user can be setup as default user for Shibboleth. See 'Default Shibboleth account' checkbox in GUI->Users & Audit->Users -> selected user
 == Usage ==
@@ Line 15: / Line 16: @@
 * after the Shibboleth auth the GUI's Shibboleth button will appear in GUI login dialog
 * after clicking on this button the content of REMOTE_USER header is used as the user in the GUI database for getting user's privileges
+* if an user is not found then the user with set checkbox 'Default Shibboleth account' is used (if set)
 * login is done
 == Note about logout ==
 The Shibboleth logout URL is constructed from Shib-Handler header + '/Logout' string. If not available then from HTTP_HOST header + '/Shibboleth.sso/Logout' string.