Shibboleth implementation
I've been trying to work on switching our login authorization to Shibboleth using the information in the Koha Community Wiki. But I've hit some issues which I've not been able to fully understand. For my particular site, the SSO provider is an OKTA instance. Anyone out there who has Koha working with this combination (Shibboleth and OKTA)? I could use some coaching through the various options. Thanks, Tom -- *Tom Hanstra* *Sr. Systems Administrator* hanstra@nd.edu <http://library.nd.edu/>
Seems to have solved the problem by cronning (scheduling) incremental zebra re-index as follows */2 * * * * /usr/sbin/koha-rebuild-zebra --force instance Kind regards On Thu, May 2, 2019 at 7:29 PM Tom Hanstra <hanstra@nd.edu> wrote:
I've been trying to work on switching our login authorization to Shibboleth using the information in the Koha Community Wiki. But I've hit some issues which I've not been able to fully understand. For my particular site, the SSO provider is an OKTA instance.
Anyone out there who has Koha working with this combination (Shibboleth and OKTA)? I could use some coaching through the various options.
Thanks, Tom
-- *Tom Hanstra* *Sr. Systems Administrator* hanstra@nd.edu
<http://library.nd.edu/> _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Looks like a response on the wrong thread. In case anyone is reviewing casually, my Shibboleth issue is not resolved and I could still use some assistance. Tom On Thu, May 2, 2019 at 2:07 PM Admire Mutsikiwa <amutsikiwa@gmail.com> wrote:
Seems to have solved the problem by cronning (scheduling) incremental zebra re-index as follows */2 * * * * /usr/sbin/koha-rebuild-zebra --force instance
Kind regards
On Thu, May 2, 2019 at 7:29 PM Tom Hanstra <hanstra@nd.edu> wrote:
I've been trying to work on switching our login authorization to Shibboleth using the information in the Koha Community Wiki. But I've hit some issues which I've not been able to fully understand. For my particular site, the SSO provider is an OKTA instance.
Anyone out there who has Koha working with this combination (Shibboleth and OKTA)? I could use some coaching through the various options.
Thanks, Tom
-- *Tom Hanstra* *Sr. Systems Administrator* hanstra@nd.edu
<http://library.nd.edu/> _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-- *Tom Hanstra* *Sr. Systems Administrator* hanstra@nd.edu <http://library.nd.edu/>
A note for the list: I managed to get this (mostly) working today, and then spent some time updating the wiki page <https://wiki.koha-community.org/wiki/Shibboleth_Configuration>, including the sample shibboleth2.xml file, to make it much easier to follow for AD FS folks. I will still need to update the login template, since I also no longer ever want my users to even see the username/password entry fields, but at least the core SSO login piece works and it's an option if you happen to see the "login with shibboleth" link. Joel Coehoorn Director of Information Technology 402.363.5603 *jcoehoorn@york.edu <jcoehoorn@york.edu>* *Please contact helpdesk@york.edu <helpdesk@york.edu> for technical assistance.* The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Thu, May 2, 2019 at 12:28 PM Tom Hanstra <hanstra@nd.edu> wrote:
I've been trying to work on switching our login authorization to Shibboleth using the information in the Koha Community Wiki. But I've hit some issues which I've not been able to fully understand. For my particular site, the SSO provider is an OKTA instance.
Anyone out there who has Koha working with this combination (Shibboleth and OKTA)? I could use some coaching through the various options.
Thanks, Tom
-- *Tom Hanstra* *Sr. Systems Administrator* hanstra@nd.edu
<http://library.nd.edu/> _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Thanks for updating the wiki, sorry to hear it was out of date.. it's been on my list to take a look at for a while and make sure it all still made sense. As an alternative to editing the templates and maintaining a local patch yourself indefinitely.. it would be great to see a signoff on bug 18506 - https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18506. All the best, On Fri, 24 May 2019, 7:01 pm Coehoorn, Joel, <jcoehoorn@york.edu> wrote:
A note for the list: I managed to get this (mostly) working today, and then spent some time updating the wiki page <https://wiki.koha-community.org/wiki/Shibboleth_Configuration>, including the sample shibboleth2.xml file, to make it much easier to follow for AD FS folks.
I will still need to update the login template, since I also no longer ever want my users to even see the username/password entry fields, but at least the core SSO login piece works and it's an option if you happen to see the "login with shibboleth" link.
Joel Coehoorn Director of Information Technology 402.363.5603 *jcoehoorn@york.edu <jcoehoorn@york.edu>*
*Please contact helpdesk@york.edu <helpdesk@york.edu> for technical assistance.*
The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society
On Thu, May 2, 2019 at 12:28 PM Tom Hanstra <hanstra@nd.edu> wrote:
I've been trying to work on switching our login authorization to Shibboleth using the information in the Koha Community Wiki. But I've hit some issues which I've not been able to fully understand. For my particular site, the SSO provider is an OKTA instance.
Anyone out there who has Koha working with this combination (Shibboleth and OKTA)? I could use some coaching through the various options.
Thanks, Tom
-- *Tom Hanstra* *Sr. Systems Administrator* hanstra@nd.edu
<http://library.nd.edu/> _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
_______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
That is a good idea, but I think we can do even better. As a college library, 99%+ of our patrons are institutional users. However, we also allow public patrons with limited permissions. These users will not have institutional accounts for use with Shibboleth. Instead, library staff sets up these users with traditional accounts. Thus, I don't want to remove the old username/password login; I just want to demote it, so the shibboleth login is the natural and featured login people will see first. But, again, the perfect is the enemy of the good. Get this existing pull request merged first, and if there's more demand we can further evolve the system to support the additional use case later. Joel Coehoorn Director of Information Technology 402.363.5603 *jcoehoorn@york.edu <jcoehoorn@york.edu>* *Please contact helpdesk@york.edu <helpdesk@york.edu> for technical assistance.* The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Mon, May 27, 2019 at 11:51 AM Renvoize, Martin < martin.renvoize@ptfs-europe.com> wrote:
Thanks for updating the wiki, sorry to hear it was out of date.. it's been on my list to take a look at for a while and make sure it all still made sense.
As an alternative to editing the templates and maintaining a local patch yourself indefinitely.. it would be great to see a signoff on bug 18506 - https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18506.
All the best,
On Fri, 24 May 2019, 7:01 pm Coehoorn, Joel, <jcoehoorn@york.edu> wrote:
A note for the list: I managed to get this (mostly) working today, and then spent some time updating the wiki page <https://wiki.koha-community.org/wiki/Shibboleth_Configuration>, including the sample shibboleth2.xml file, to make it much easier to follow for AD FS folks.
I will still need to update the login template, since I also no longer ever want my users to even see the username/password entry fields, but at least the core SSO login piece works and it's an option if you happen to see the "login with shibboleth" link.
Joel Coehoorn Director of Information Technology 402.363.5603 *jcoehoorn@york.edu <jcoehoorn@york.edu>*
*Please contact helpdesk@york.edu <helpdesk@york.edu> for technical assistance.*
The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society
On Thu, May 2, 2019 at 12:28 PM Tom Hanstra <hanstra@nd.edu> wrote:
I've been trying to work on switching our login authorization to Shibboleth using the information in the Koha Community Wiki. But I've hit some issues which I've not been able to fully understand. For my particular site, the SSO provider is an OKTA instance.
Anyone out there who has Koha working with this combination (Shibboleth and OKTA)? I could use some coaching through the various options.
Thanks, Tom
-- *Tom Hanstra* *Sr. Systems Administrator* hanstra@nd.edu
<http://library.nd.edu/> _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
_______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
participants (4)
-
Admire Mutsikiwa -
Coehoorn, Joel -
Renvoize, Martin -
Tom Hanstra