C4::Auth_with_shibboleth
use C4::Auth_with_shibboleth;
This module is specific to Shibboleth authentication in Koha and relies heavily upon the native Shibboleth service provider package in your operating system.
To use this type of authentication these additional packages are required:
We let the native Shibboleth service provider packages handle all the complexities of Shibboleth negotiation for us, and configuring them is beyond the scope of this documentation.
But to sum up, to get shibboleth working in koha, as a minimum you will need to:
This is as simple as adding the below to your virtualhost config:
<Location />
  AuthType shibboleth
  Require shibboleth
</Location>
This is as simple as enabling useshibboleth in koha-conf.xml:
<useshibboleth>1</useshibboleth>
<shibboleth>
  <matchpoint>userid</matchpoint> <!-- koha borrower field to match upon -->
  <mapping>
    <userid is="eduPersonID"></userid> <!-- koha borrower field to shibboleth attribute mapping -->
  </mapping>
</shibboleth>
Note: The minimum you need here is a <matchpoint> block, containing a valid column name from the koha borrowers table, and a <mapping> block containing a relation between the chosen matchpoint and the shibboleth attribute name.
It should be as simple as that; you should now be able to log in via Shibboleth in the OPAC.
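One way to check a configuration against the minimum described in the note above, as an added example rather than Koha's own code. The sub name check_shib_config, the constructed sample fragments and their <config> wrapper are assumptions made for the illustration; it needs XML::LibXML.

```perl
use strict;
use warnings;
use XML::LibXML;

# Returns a list of problems; an empty list means the documented minimum is met.
# It does not verify that the matchpoint is a real column of the borrowers table.
sub check_shib_config {
    my ($xml) = @_;
    my $doc = eval { XML::LibXML->load_xml( string => $xml, no_network => 1 ) };
    return ('not well-formed XML') unless $doc;

    my @problems;
    push @problems, 'useshibboleth is not set to 1'
        unless $doc->findvalue('normalize-space(//useshibboleth)') eq '1';

    my ($shib) = $doc->findnodes('//shibboleth');
    return ( @problems, 'no <shibboleth> block' ) unless $shib;

    my $matchpoint = $shib->findvalue('normalize-space(matchpoint)');
    my $mp_ok      = $matchpoint =~ /^\w+$/;
    push @problems, 'missing or invalid <matchpoint>' unless $mp_ok;

    my ($mapping) = $shib->getChildrenByTagName('mapping');
    if ( !$mapping ) {
        push @problems, 'missing <mapping> block';
    }
    elsif ($mp_ok) {
        # The matchpoint field itself must be related to a Shibboleth attribute name.
        my ($field) = $mapping->getChildrenByTagName($matchpoint);
        my $attr = $field ? $field->getAttribute('is') : undef;
        push @problems, "matchpoint '$matchpoint' has no is=\"...\" mapping"
            unless defined $attr && $attr ne '';
    }
    return @problems;
}

# Constructed sample fragments, each placed inside the same minimal wrapper.
my $tmpl = '<config><useshibboleth>1</useshibboleth>'
    . '<shibboleth>%s</shibboleth></config>';
my %samples = (
    ok       => '<matchpoint>userid</matchpoint><mapping><userid is="eduPersonID"/></mapping>',
    unmapped => '<matchpoint>cardnumber</matchpoint><mapping><userid is="eduPersonID"/></mapping>',
    unclosed => '<matchpoint>userid<matchpoint>',
);
for my $name ( sort keys %samples ) {
    my @problems = check_shib_config( sprintf( $tmpl, $samples{$name} ) );
    print "$name: ", ( @problems ? join( '; ', @problems ) : 'minimum met' ), "\n";
}
```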
If you need more help configuring your Service Provider to authenticate against a chosen Identity Provider then it might be worth taking a look at the community wiki page
Sends a logout signal to the native Shibboleth service provider and then logs out of Koha. Depending upon the native service provider configuration and identity provider capabilities, this may or may not perform a single sign out action.
logout_shib($query);
Given a query, this will return a Shibboleth login URL with return code to the page with the given query.
my $shibLoginURL = login_shib_url($query);
Returns the Shibboleth login attribute should it be found present in the HTTP session.
my $shib_login = get_login_shib();
Given a database handle and a shib_login attribute, this routine checks for a matching local user and if found returns true, their cardnumber and their userid. If a match is not found, then this returns false.
my ( $retval, $retcard, $retuserid ) = C4::Auth_with_shibboleth::checkpw_shib( $shib_login );