[Koha] Shibboleth-only authentication

Andy Boze Boze.1 at nd.edu
Tue Apr 6 15:25:54 NZST 2021 

Hi, Martin.

I appreciate your reply. I think I will submit a bug.

Andy

On 3/31/2021 8:28 AM, Renvoize, Martin wrote:
> Hi Andy,
> 
> In the sites I worked with when developing this feature the 'no login link
> at all if already logged in' was indeed the intended behaviour.  I imagine
> that could be fairly easily resolved to a further system preference if you
> wanted to submit a bug for it?
> 
> Regards the logout.. this does work if your Identity provider supports
> single sign out and you've got your service provider configured to send the
> logout codes.  It will log you out of everything at the same time, not just
> Koha.
> 
> In my understanding, that is the intention of SSO vis Shibboleth.. some of
> our sites login to Windows at the beginning of the day and don't expect to
> have to login to any service from that point onwards.
> 
> I hope that helps,
> 
> *Martin Renvoize, MPhys (Hons)*
> 
> <https://www.ptfs-europe.com>
> 
> Head of Development and Community Engagement
> 
> 
> 
> *Phone:* +44 (0) 1483 378728
> 
> *Mobile:* +44 (0) 7725 985 636
> 
> *Email:* martin.renvoize at ptfs-europe.com
> 
> www.ptfs-europe.com
> 
> 
> *Sign up for our newsletters here <http://eepurl.com/dPjjkn> or by scanning
> the QR code*
> 
> 
> 
> Registered in the United Kingdom No. 06416372   VAT Reg No. 925 7211 30
> 
> The information contained in this email message may be privileged,
> confidential and protected from disclosure. If you are not the intended
> recipient, any dissemination, distribution or copying is strictly
> prohibited. If you think that you have received this email message in
> error, please email the sender at info at ptfs-europe.com
> 
> 
> On Wed, 31 Mar 2021 at 05:05, Andy Boze <Boze.1 at nd.edu> wrote:
> 
>> We are testing Koha 20.11.04 and are interested in the new
>> Shibboleth-only authentication feature. I have set "staffShibOnly" to
>> "Don't allow staff to login by means other than shibboleth."
>>
>> If I have already logged in to another Shibboleth site, when I visit the
>> Koha staff client, I'm automatically logged in without getting a login
>> prompt. I suspect that this is the intended behavior, but all of our
>> other Shib-enabled campus services have a login link. More problematic
>> is the fact that on logging out of the staff client, it simply logs me
>> in again.
>>
>> Does anyone have any experience with this new feature? I'm wondering how
>> to avoid automatic login without having to click a login link, and how
>> to log out without having it log me in again.
>>
>> I suppose an alternative would be not to use the "staffShibOnly" setting
>> and instead alter the login page template to remove the local login
>> section.
>>
>> Thanks for any advice.
>>
>> --
>> Andy Boze, Associate Librarian
>> University of Notre Dame
>> 271H Hesburgh Library
>> (574) 631-8708
>> _______________________________________________
>>
>> Koha mailing list  http://koha-community.org
>> Koha at lists.katipo.co.nz
>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
>>
> 

-- 
Andy Boze, Associate Librarian
University of Notre Dame
271H Hesburgh Library
(574) 631-8708

More information about the Koha mailing list