Google Authentication to all gmail account.
Greetings, Is is possible for us to log-in using gmail account without adding our patrons from patrons list? Will just limit our patrons from our domain name. Thank you and best regards! -- View this message in context: http://koha.1045719.n5.nabble.com/Google-Authentication-to-all-gmail-account... Sent from the Koha-general mailing list archive at Nabble.com.
Sure will be, when bug 10988 lands in the May release! On Mon, 2 May 2016 at 11:25 am, Jerwyn <os.jerwynfernandez@gmail.com> wrote:
Greetings,
Is is possible for us to log-in using gmail account without adding our patrons from patrons list?
Will just limit our patrons from our domain name.
Thank you and best regards!
-- View this message in context: http://koha.1045719.n5.nabble.com/Google-Authentication-to-all-gmail-account... Sent from the Koha-general mailing list archive at Nabble.com. _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Thanks a lot for this brother! I was able to read this bug 10988 However, I got confused with the test plan which will prohibit those users that are not registered to a library user. Test Plan: 1) Apply this patch 2) Update the database (this is the bit I'm not sure about - I've added the SQL into the atomicupdates directory - is this right?) 3) Create a web app in the google cloud console: - Go to https://cloud.google.com/console - Create a project, and give it some details - Open the Project by clicking on it - Under APIs & auth menu, open "Registered Apps" and click "Register App" - Give it a name and make sure you select "Web app", click ok - Under OAuth 2.0 Client ID, - under web origin, type <your_opac_address> - in the redirect uri enter <your_opac_address>/cgi-bin/koha/svc/googleoauth2 - click Generate 4) Set the GoogleOAuth2ClientID and GoogleOAuth2ClientSecret according to the values generated above 5) Test that clicking login intiates an oauth2 login6) Try logging in with an email that is not registered to a library user. It should fail and offer either to retry or to login manually. 7) Try logging in with an email that is registered to a library user. You should be logged in. Kind regards, On Mon, May 2, 2016 at 12:26 PM, Nicholas van Rheede van Oudtshoorn < vanoudt@gmail.com> wrote:
Sure will be, when bug 10988 lands in the May release! On Mon, 2 May 2016 at 11:25 am, Jerwyn <os.jerwynfernandez@gmail.com> wrote:
Greetings,
Is is possible for us to log-in using gmail account without adding our patrons from patrons list?
Will just limit our patrons from our domain name.
Thank you and best regards!
-- View this message in context: http://koha.1045719.n5.nabble.com/Google-Authentication-to-all-gmail-account... Sent from the Koha-general mailing list archive at Nabble.com. _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-- - Jerwyn Fernandez, RL Koha Support Specialist OS Library Solutions (63) 9336734607 (02) 7383209
Ah! Gotcha. Hmmmm.... Not sure about autocreating users. Not impossible to do, but not the best idea, I'd suggest. Do you manually create users? If so, just setting tier email address to a gmail or gmail apps email address will let them log in... On Mon, 2 May 2016 at 12:56 pm, Jerwyn Fernandez < os.jerwynfernandez@gmail.com> wrote:
Thanks a lot for this brother!
I was able to read this bug 10988
However, I got confused with the test plan which will prohibit those users that are not registered to a library user.
Test Plan: 1) Apply this patch 2) Update the database (this is the bit I'm not sure about - I've added the SQL into the atomicupdates directory - is this right?) 3) Create a web app in the google cloud console: - Go to https://cloud.google.com/console - Create a project, and give it some details - Open the Project by clicking on it - Under APIs & auth menu, open "Registered Apps" and click "Register App" - Give it a name and make sure you select "Web app", click ok - Under OAuth 2.0 Client ID, - under web origin, type <your_opac_address> - in the redirect uri enter <your_opac_address>/cgi-bin/koha/svc/googleoauth2 - click Generate 4) Set the GoogleOAuth2ClientID and GoogleOAuth2ClientSecret according to the values generated above 5) Test that clicking login intiates an oauth2 login6) Try logging in with an email that is not registered to a library user. It should fail and offer either to retry or to login manually. 7) Try logging in with an email that is registered to a library user. You should be logged in.
Kind regards,
On Mon, May 2, 2016 at 12:26 PM, Nicholas van Rheede van Oudtshoorn < vanoudt@gmail.com> wrote:
Sure will be, when bug 10988 lands in the May release! On Mon, 2 May 2016 at 11:25 am, Jerwyn <os.jerwynfernandez@gmail.com> wrote:
Greetings,
Is is possible for us to log-in using gmail account without adding our patrons from patrons list?
Will just limit our patrons from our domain name.
Thank you and best regards!
-- View this message in context: http://koha.1045719.n5.nabble.com/Google-Authentication-to-all-gmail-account... Sent from the Koha-general mailing list archive at Nabble.com. _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-- - Jerwyn Fernandez, RL Koha Support Specialist OS Library Solutions (63) 9336734607 (02) 7383209
Actually, our main concern is our library clients come and go always. And we do not want to add library users everytime we have new employees. My question main question is, is it possible for us to log-in using gmail account without adding our patrons from patrons list or adding them in Koha patrons? You said yes on this right? Maybe we have misunderstanding on this. haha :) If this is the case it will resolve our issue. :) Thanks for your prompt reply Nick! On Mon, May 2, 2016 at 1:13 PM, Nicholas van Rheede van Oudtshoorn < vanoudt@gmail.com> wrote:
Ah! Gotcha. Hmmmm.... Not sure about autocreating users. Not impossible to do, but not the best idea, I'd suggest. Do you manually create users? If so, just setting tier email address to a gmail or gmail apps email address will let them log in...
On Mon, 2 May 2016 at 12:56 pm, Jerwyn Fernandez < os.jerwynfernandez@gmail.com> wrote:
Thanks a lot for this brother!
I was able to read this bug 10988
However, I got confused with the test plan which will prohibit those users that are not registered to a library user.
Test Plan: 1) Apply this patch 2) Update the database (this is the bit I'm not sure about - I've added the SQL into the atomicupdates directory - is this right?) 3) Create a web app in the google cloud console: - Go to https://cloud.google.com/console - Create a project, and give it some details - Open the Project by clicking on it - Under APIs & auth menu, open "Registered Apps" and click "Register App" - Give it a name and make sure you select "Web app", click ok - Under OAuth 2.0 Client ID, - under web origin, type <your_opac_address> - in the redirect uri enter <your_opac_address>/cgi-bin/koha/svc/googleoauth2 - click Generate 4) Set the GoogleOAuth2ClientID and GoogleOAuth2ClientSecret according to the values generated above 5) Test that clicking login intiates an oauth2 login6) Try logging in with an email that is not registered to a library user. It should fail and offer either to retry or to login manually. 7) Try logging in with an email that is registered to a library user. You should be logged in.
Kind regards,
On Mon, May 2, 2016 at 12:26 PM, Nicholas van Rheede van Oudtshoorn < vanoudt@gmail.com> wrote:
Sure will be, when bug 10988 lands in the May release! On Mon, 2 May 2016 at 11:25 am, Jerwyn <os.jerwynfernandez@gmail.com> wrote:
Greetings,
Is is possible for us to log-in using gmail account without adding our patrons from patrons list?
Will just limit our patrons from our domain name.
Thank you and best regards!
-- View this message in context: http://koha.1045719.n5.nabble.com/Google-Authentication-to-all-gmail-account... Sent from the Koha-general mailing list archive at Nabble.com. _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-- - Jerwyn Fernandez, RL Koha Support Specialist OS Library Solutions (63) 9336734607 (02) 7383209
-- - Jerwyn Fernandez, RL Koha Support Specialist OS Library Solutions (63) 9336734607 (02) 7383209
On 02/05/16 15:41, Jerwyn Fernandez wrote:
Actually, our main concern is our library clients come and go always. And we do not want to add library users everytime we have new employees.
My question main question is, is it possible for us to log-in using gmail account without adding our patrons from patrons list or adding them in Koha patrons?
Hi Jerwyn, Do your patrons borrow from the library? Presumably you want them to be able to log in so that they can view and renew their current and past loans and (if applicable) view any fines? Koha's circulation rules are based on branch code and patron category. So unless you create a user record in Koha (by whatever method) that contains at least a branch code and a patron category, your patrons will not be able to borrow. It seems to me that you will have to create a minimal patron record containing at least a branch code, patron category and gmail address, plus any other fields nominated in your BorrowerMandatoryField system preference - typically Surname and Cardnumber. HTH, Bob Birchall Calyx
Dear Bob, Thanks for writing in! Your response enlightened us more about google authentication. It seems like that our use case is not possible with what Koha is capable of, at the moment. Thank you so much again and have a nice day ahead! -- View this message in context: http://koha.1045719.n5.nabble.com/Google-Authentication-to-all-gmail-account... Sent from the Koha-general mailing list archive at Nabble.com.
When I first read this, I was thinking from the standpoint of an institutional library that issues e-mail accounts via one of the Google Apps for My Domain programs (ie: Google Apps for Ed/Gov/Work). Otherwise, it seems like you're favoring one kind of e-mail account that, while popular, still only accounts for a small fraction of potential users. With an institutional Google Apps domain, it is possible now to set up the domain as a SAML identity provider, and set up Koha as a saml service provider (via Shibboleth <https://wiki.koha-community.org/wiki/Shibboleth_Configuration>) that will trust the Google Apps domain. This still won't create accounts on the fly, but in this context you have an authoritative source of users you could periodically batch-preload into Koha. Incidentally, reading the original bug report for 10988, this configuration would also completely satisfy that use case. Oauth support is useful for it's own merits, but saml is probably the better choice in the context of allowing users within an institution to log in to both services via a single account. Oauth is better when you are allowing users from outside the institution. Joel Coehoorn Director of Information Technology 402.363.5603 *jcoehoorn@york.edu <jcoehoorn@york.edu>* The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Mon, May 2, 2016 at 6:41 AM, Jerwyn <os.jerwynfernandez@gmail.com> wrote:
Dear Bob,
Thanks for writing in!
Your response enlightened us more about google authentication.
It seems like that our use case is not possible with what Koha is capable of, at the moment.
Thank you so much again and have a nice day ahead!
-- View this message in context: http://koha.1045719.n5.nabble.com/Google-Authentication-to-all-gmail-account... Sent from the Koha-general mailing list archive at Nabble.com. _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
Dear Sir Joel and the rest of the community, Really appreciate your feedback on this matter. As you have said using SAML would be the best option for our use case, still won't create accounts on the fly. Since our use case is eagerly in need of creating accounts in Koha through google authentication on the fly, just like when you log-in to Lazada, Cincopa, Interverser and a like that uses google authentication. https://www.lazada.com.ph/customer/account/create/?referer=%2F https://www.cincopa.com/login.aspx https://my.interserver.net/login.php Bob mentioned in the previous comment, that Koha's circulation rules are based on branch code and patron category. What I am thinking if possible to set a default library branch and patron category when logging in using google authentication so that it will create accounts on the fly! I believe this is out of the capability of Koha as of the moment, that is why I am requesting the community to develop our use case if possible. I'm not really sure how it works, with regards to who will develop and the development process and about the funding. As per my team initial discussion, we will fund this project/development once we have the quotation and discuss it over with the management if they are amenable with the development and with the pricing. On behalf of my team, I am humbly requesting the community if there is someone who is willing to develop our use case. Hope for your kind and consideration for our request. Looking forward to this! On Mon, May 2, 2016 at 10:31 PM, Coehoorn, Joel <jcoehoorn@york.edu> wrote:
When I first read this, I was thinking from the standpoint of an institutional library that issues e-mail accounts via one of the Google Apps for My Domain programs (ie: Google Apps for Ed/Gov/Work). Otherwise, it seems like you're favoring one kind of e-mail account that, while popular, still only accounts for a small fraction of potential users.
With an institutional Google Apps domain, it is possible now to set up the domain as a SAML identity provider, and set up Koha as a saml service provider (via Shibboleth <https://wiki.koha-community.org/wiki/Shibboleth_Configuration>) that will trust the Google Apps domain. This still won't create accounts on the fly, but in this context you have an authoritative source of users you could periodically batch-preload into Koha. Incidentally, reading the original bug report for 10988, this configuration would also completely satisfy that use case. Oauth support is useful for it's own merits, but saml is probably the better choice in the context of allowing users within an institution to log in to both services via a single account. Oauth is better when you are allowing users from outside the institution.
Joel Coehoorn Director of Information Technology 402.363.5603 *jcoehoorn@york.edu <jcoehoorn@york.edu>*
The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society
On Mon, May 2, 2016 at 6:41 AM, Jerwyn <os.jerwynfernandez@gmail.com> wrote:
Dear Bob,
Thanks for writing in!
Your response enlightened us more about google authentication.
It seems like that our use case is not possible with what Koha is capable of, at the moment.
Thank you so much again and have a nice day ahead!
-- View this message in context: http://koha.1045719.n5.nabble.com/Google-Authentication-to-all-gmail-account... Sent from the Koha-general mailing list archive at Nabble.com. _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-- - Jerwyn Fernandez, RL Koha Support Specialist OS Library Solutions (63) 9336734607 (02) 7383209
participants (5)
-
Bob Birchall -
Coehoorn, Joel -
Jerwyn -
Jerwyn Fernandez
-
Nicholas van Rheede van Oudtshoorn