Koha, Shibboleth and autocreation of users
Hi
We are trying to implement Shibboleth with Koha. As far as I understand Shibboleth is just about authentication (allowing users to sign in using just one identity to various systems).
Now the library (that doesn't want to link Koha to LDAP directly) suggests that Koha should create a user the first time when that user logs into Koha through Shibboleth resp. the single sign-on IDP. The SSO IDP is using underlying LDAP to give back the "mail" and "uid" attributes from LDAP.
Is it possible that Koha autocreates new users this way?
I couldn't really find the answer to this or the way to go in https://wiki.koha-community.org/wiki/Shibboleth_Configuration but then again I am trying to implement Shibboleth in Koha the very first time...
Best wishes: Michael
--
Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch
Hi Michael,
Reading the code you need an "autocreate" set to 1 in the config. And then you need to map the attributes with the "mapping" entry.
Regards, Jonathan
On Wed, 26 May 2021 at 18:59, Michael Kuhn <mik@adminkuhn.ch> wrote:
> Hi
> We are trying to implement Shibboleth with Koha. As far as I understand Shibboleth is just about authentication (allowing users to sign in using just one identity to various systems).
> Now the library (that doesn't want to link Koha to LDAP directly) suggests that Koha should create a user the first time when that user logs into Koha through Shibboleth resp. the single sign-on IDP. The SSO IDP is using underlying LDAP to give back the "mail" and "uid" attributes from LDAP.
> Is it possible that Koha autocreates new users this way?
> I couldn't really find the answer to this or the way to go in https://wiki.koha-community.org/wiki/Shibboleth_Configuration but then again I am trying to implement Shibboleth in Koha the very first time...
> Best wishes: Michael
> --
> Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
> Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
> T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
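
The configuration Jonathan describes, as an added example that is not part of the thread and not Koha's own code: a constructed koha-conf.xml fragment with "autocreate" and a "mapping" for the "uid" and "mail" attributes, plus a small Python check that the block is complete before autocreation is switched on. Assumptions to verify against the Shibboleth_Configuration wiki page: every element and attribute name other than autocreate and mapping (useshibboleth, matchpoint, sync, is=, content=), the borrower field names, the placeholder codes MAIN and PT, and the rule that branchcode and categorycode are needed to create a patron.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the Shibboleth part of koha-conf.xml. "uid" and "mail"
# are the IdP attributes named in the thread; MAIN and PT are placeholder codes.
# Element names besides autocreate/mapping are assumptions (see lead-in).
SAMPLE = """
<config>
  <useshibboleth>1</useshibboleth>
  <shibboleth>
    <matchpoint>userid</matchpoint>
    <autocreate>1</autocreate>
    <sync>1</sync>
    <mapping>
      <userid is="uid"></userid>
      <email is="mail"></email>
      <branchcode content="MAIN"></branchcode>
      <categorycode content="PT"></categorycode>
    </mapping>
  </shibboleth>
</config>
"""

# Assumption: a patron record cannot be created without these two fields.
REQUIRED_ON_CREATE = ("branchcode", "categorycode")

def check_provisioning(xml_text):
    """Return a list of problems with the <shibboleth> block (empty if none)."""
    shib = ET.fromstring(xml_text).find(".//shibboleth")
    if shib is None:
        return ["no <shibboleth> block"]
    problems = []
    mapping = shib.find("mapping")
    fields = {} if mapping is None else {e.tag: e.attrib for e in mapping}
    match = (shib.findtext("matchpoint") or "").strip()
    # The matchpoint must be filled from an IdP attribute, not from a constant.
    if not fields.get(match, {}).get("is"):
        problems.append(f"matchpoint '{match}' has no is= attribute mapping")
    for name, attrs in fields.items():
        if not attrs.get("is") and not attrs.get("content"):
            problems.append(f"mapping <{name}> has neither is= nor content=")
    if (shib.findtext("autocreate") or "").strip() == "1":
        for name in REQUIRED_ON_CREATE:
            if name not in fields:
                problems.append(f"autocreate is on but <{name}> is not mapped")
    return problems

if __name__ == "__main__":
    print(check_provisioning(SAMPLE) or "provisioning block looks complete")
```

With autocreate on, every identity the IdP asserts becomes a Koha patron on first login, so the matchpoint should be an identifier the IdP guarantees to be unique and stable.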
Hi Michael,
I looked up the old bugs for the feature, the keyword to look for is 'provisioning':
*Bug 12026* <https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12026> - Shibboleth auto-provisioning - Create
*Bug 18507* <https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18507> - Shibboleth auto-provisioning - Sync
One current limitation appears to be the mapping of extended patron attributes:
*Bug 22459* <https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22459> - Shibboleth create/sync: Allow mapping of extended patron attributes
Hope this helps,
Katrin
On 27.05.21 09:15, Jonathan Druart wrote:
> Hi Michael,
> Reading the code you need an "autocreate" set to 1 in the config. And then you need to map the attributes with the "mapping" entry.
> Regards, Jonathan
> On Wed, 26 May 2021 at 18:59, Michael Kuhn <mik@adminkuhn.ch> wrote:
>> Hi
>> We are trying to implement Shibboleth with Koha. As far as I understand Shibboleth is just about authentication (allowing users to sign in using just one identity to various systems).
>> Now the library (that doesn't want to link Koha to LDAP directly) suggests that Koha should create a user the first time when that user logs into Koha through Shibboleth resp. the single sign-on IDP. The SSO IDP is using underlying LDAP to give back the "mail" and "uid" attributes from LDAP.
>> Is it possible that Koha autocreates new users this way?
>> I couldn't really find the answer to this or the way to go in https://wiki.koha-community.org/wiki/Shibboleth_Configuration but then again I am trying to implement Shibboleth in Koha the very first time...
>> Best wishes: Michael
>> --
>> Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
>> Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
>> T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch
Hi Katrin and Jonathan
Many thanks for your valuable information! Using "autocreate" we now succeeded in configuring a working single sign-on using Shibboleth! Everybody is happy now!
Best wishes: Michael
--
Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch
On 27.05.21 at 09:15, Jonathan Druart wrote:
> Hi Michael,
> Reading the code you need an "autocreate" set to 1 in the config. And then you need to map the attributes with the "mapping" entry.
> Regards, Jonathan
On 30.05.21 at 12:22, Katrin Fischer wrote:
> Hi Michael,
> I looked up the old bugs for the feature, the keyword to look for is 'provisioning':
> *Bug 12026* <https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12026> - Shibboleth auto-provisioning - Create
> *Bug 18507* <https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18507> - Shibboleth auto-provisioning - Sync
> One current limitation appears to be the mapping of extended patron attributes:
> *Bug 22459* <https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22459> - Shibboleth create/sync: Allow mapping of extended patron attributes
> Hope this helps,
> Katrin