[Koha] Shibboleth-only authentication

Renvoize, Martin martin.renvoize at ptfs-europe.com
Thu Apr 1 01:28:08 NZDT 2021 

Hi Andy,

In the sites I worked with when developing this feature the 'no login link
at all if already logged in' was indeed the intended behaviour.  I imagine
that could be fairly easily resolved to a further system preference if you
wanted to submit a bug for it?

Regards the logout.. this does work if your Identity provider supports
single sign out and you've got your service provider configured to send the
logout codes.  It will log you out of everything at the same time, not just
Koha.

In my understanding, that is the intention of SSO vis Shibboleth.. some of
our sites login to Windows at the beginning of the day and don't expect to
have to login to any service from that point onwards.

I hope that helps,

*Martin Renvoize, MPhys (Hons)*

<https://www.ptfs-europe.com>

Head of Development and Community Engagement



*Phone:* +44 (0) 1483 378728

*Mobile:* +44 (0) 7725 985 636

*Email:* martin.renvoize at ptfs-europe.com

www.ptfs-europe.com


*Sign up for our newsletters here <http://eepurl.com/dPjjkn> or by scanning
the QR code*



Registered in the United Kingdom No. 06416372   VAT Reg No. 925 7211 30

The information contained in this email message may be privileged,
confidential and protected from disclosure. If you are not the intended
recipient, any dissemination, distribution or copying is strictly
prohibited. If you think that you have received this email message in
error, please email the sender at info at ptfs-europe.com


On Wed, 31 Mar 2021 at 05:05, Andy Boze <Boze.1 at nd.edu> wrote:

> We are testing Koha 20.11.04 and are interested in the new
> Shibboleth-only authentication feature. I have set "staffShibOnly" to
> "Don't allow staff to login by means other than shibboleth."
>
> If I have already logged in to another Shibboleth site, when I visit the
> Koha staff client, I'm automatically logged in without getting a login
> prompt. I suspect that this is the intended behavior, but all of our
> other Shib-enabled campus services have a login link. More problematic
> is the fact that on logging out of the staff client, it simply logs me
> in again.
>
> Does anyone have any experience with this new feature? I'm wondering how
> to avoid automatic login without having to click a login link, and how
> to log out without having it log me in again.
>
> I suppose an alternative would be not to use the "staffShibOnly" setting
> and instead alter the login page template to remove the local login
> section.
>
> Thanks for any advice.
>
> --
> Andy Boze, Associate Librarian
> University of Notre Dame
> 271H Hesburgh Library
> (574) 631-8708
> _______________________________________________
>
> Koha mailing list  http://koha-community.org
> Koha at lists.katipo.co.nz
> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
>

More information about the Koha mailing list