[Koha] Koha and Shibboleth

Michael Kuhn mik at adminkuhn.ch
Fri May 7 07:56:41 NZST 2021


Hi Alvaro

Thanks for the hint, but <Location /var/lib/koha/<INSTANCE>/ > isn't 
working either. Besides there is some caching going on (Memcache, Plack, 
Mojolicious) that complicates things a lot.

I think there is some important information missing in 
https://wiki.koha-community.org/wiki/Shibboleth_Configuration

Maybe it even has something to do with the new caching introduced in 
recent Koha versions?

Is anyone successfully running Shibboleth with Koha 20.11 (running 
Plack) - and if yes, what does your directive "Location" look like?

Best wishes: Michael
-- 
Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
T 0041 (0)61 261 55 61 · E mik at adminkuhn.ch · W www.adminkuhn.ch



Am 06.05.21 um 21:19 schrieb Alvaro Cornejo:
> Hi Michael
> 
> My guess would be
> 
> <Location /var/lib/koha/<INSTANCE>/  >
> 
> since it is the root path of koha
> 
> Regards
> 
> Alvaro
> 
> |----------------------------------------------------------------------------------------|
> Stay safe / Cuídate/ Reste sécurisé
> */7/*Switch off as you go / Apaga lo que no usas / Débranchez au fur et 
> à mesure.
> *q *Recycle always / Recicla siempre / Recyclez toujours
> PPrint only if absolutely necessary / Imprime solo si es necesario / 
> Imprimez seulement si nécessaire
> 
> 
> Le jeu. 6 mai 2021 à 13:31, Michael Kuhn <mik at adminkuhn.ch 
> <mailto:mik at adminkuhn.ch>> a écrit :
> 
>     Hi Alvaro
> 
>       > I´ve never worked with shibboleth but error 404 meand apache can not
>       > find the specified page and/or has not permissions. Have you
>     check it
>       > out?
>       >
>       > As per what I understand, shibooleth needs to access file in:
>       >
>       >
>     https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata
>     <https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata>
>       >
>       > But in your apache config you are defining
>       >
>       > <Location />
>       >
>       > That means your domain root directory.
> 
>     That is how it's shown in the example...
> 
>       > Have you tried to point it to the shibboleth folder?
> 
>     What would be my shibboleth folder?
> 
>       > Can you get the metadata file directly from your browser?
> 
>     How would that work?
> 
>     However, I have deleted my previous configuration and started all over,
>     documenting and testing every step according to
>     https://wiki.koha-community.org/wiki/Shibboleth_Configuration
>     <https://wiki.koha-community.org/wiki/Shibboleth_Configuration>
> 
>     Everything works fine until section "Adding Directories and
>     Permissions"
>     and it's always possible to download an XML file when accessing
>     https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata
>     <https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata>
> 
>     So the file "Shibboleth.so/Metadata" seems to be created dynamically,
>     since there is no directory or file of that name on the Koha host.
> 
>     But as soon as I follow section "Enabling Shibboleth for your
>     Virtualhost" and add the directive <Location /> the trouble starts and
>     it is no more possible to access
>     https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata
>     <https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata> -
>     instead I get the message Sorry, the requested page is not available,
>     Error 404".
> 
>     So yes, "<Location />" is probably wrong but what would be the correct
>     path then? I tried <Location /Shibboleth.sso> and <Location
>     /shibboleth/metadata> but these seem to be wrong as well...
> 
>     Best wishes: Michael
>     -- 
>     Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
>     Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
>     T 0041 (0)61 261 55 61 · E mik at adminkuhn.ch
>     <mailto:mik at adminkuhn.ch> · W www.adminkuhn.ch <http://www.adminkuhn.ch>
> 
> 
> 
>      > Le jeu. 6 mai 2021 à 05:42, Michael Kuhn <mik at adminkuhn.ch
>     <mailto:mik at adminkuhn.ch>
>      > <mailto:mik at adminkuhn.ch <mailto:mik at adminkuhn.ch>>> a écrit :
>      >
>      >     Hi
>      >
>      >     In order to use Shibboleth with Koha 20.11 on Debian
>     GNU/Linux 10 I
>      >     searched for information about the necessary configuration.
>     The Koha
>      >     manual doesn't say anything about Shibboleth, but I found
>      > https://wiki.koha-community.org/wiki/Shibboleth_Configuration
>     <https://wiki.koha-community.org/wiki/Shibboleth_Configuration>
>      >   
>       <https://wiki.koha-community.org/wiki/Shibboleth_Configuration
>     <https://wiki.koha-community.org/wiki/Shibboleth_Configuration>> which
>      >     seems to be the only source of information on this.
>      >
>      >     I followed the information until section "Enabling Shibboleth
>     for your
>      >     Virtualhost" where it says "Important: Before moving on from this
>      >     section, you should be able to visit this address and see an
>     xml file
>      >     download, with no errors shown in your browser:
>      > https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata
>     <https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata>
>      >   
>       <https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata
>     <https://kohaserver.yourdomain.example.com/Shibboleth.sso/Metadata>>"
>      >
>      >     Command "shibd -t" says: overall configuration is loadable, check
>      >     console or log for non-fatal problems
>      >
>      >     According to
>      >
>     https://github.com/Koha-Community/Koha/blob/master/C4/Auth_with_shibboleth.pm
>     <https://github.com/Koha-Community/Koha/blob/master/C4/Auth_with_shibboleth.pm>
>      >   
>       <https://github.com/Koha-Community/Koha/blob/master/C4/Auth_with_shibboleth.pm <https://github.com/Koha-Community/Koha/blob/master/C4/Auth_with_shibboleth.pm>>
>      >
>      >     I inserted the following into the Apache configuration file
>      >     <instance>.conf to tell Apache to allow Koha (with Plack
>     running) to
>      >     authenticate via Shibboleth:
>      >
>      >         <Location />
>      >           AuthType shibboleth
>      >           Require shibboleth
>      >           ShibUseEnvironment Off
>      >           ShibUseHeaders On
>      >         </Location>
>      >
>      >     Replacing "kohaserver.yourdomain.example.com
>     <http://kohaserver.yourdomain.example.com>
>      >     <http://kohaserver.yourdomain.example.com
>     <http://kohaserver.yourdomain.example.com>>" with the actual domain I
>      >     tried all sorts of configuration but all I ever get is just the
>      >     following message instead of the expected XML:
>      >
>      >        Sorry, the requested page is not available
>      >        Error 404
>      >
>      >     What may be the cause for this? Is maybe the directory/file
>      >     "Shibboleth.sso/Metadata" not existing, but how to create it?
>      >
>      >     Best wishes: Michael
>      >     --
>      >     Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg.
>     Fachausweis
>      >     Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
>      >     T 0041 (0)61 261 55 61 · E mik at adminkuhn.ch
>     <mailto:mik at adminkuhn.ch>
>      >     <mailto:mik at adminkuhn.ch <mailto:mik at adminkuhn.ch>> · W
>     www.adminkuhn.ch <http://www.adminkuhn.ch> <http://www.adminkuhn.ch
>     <http://www.adminkuhn.ch>>
>      >     _______________________________________________
>      >
>      >     Koha mailing list http://koha-community.org
>     <http://koha-community.org> <http://koha-community.org
>     <http://koha-community.org>>
>      > Koha at lists.katipo.co.nz <mailto:Koha at lists.katipo.co.nz>
>     <mailto:Koha at lists.katipo.co.nz <mailto:Koha at lists.katipo.co.nz>>
>      >     Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
>     <https://lists.katipo.co.nz/mailman/listinfo/koha>
>      >     <https://lists.katipo.co.nz/mailman/listinfo/koha
>     <https://lists.katipo.co.nz/mailman/listinfo/koha>>
>      >
> 
> 




More information about the Koha mailing list