[Koha] Single Sign-On via Drupal

Michael Kuhn mik at adminkuhn.ch
Thu May 31 00:19:48 NZST 2018


Hi

The KDZ Zentrum für Verwaltungsforschung in Vienna (Austria) is trying 
to connect Koha to the user database of a Drupal 7 instance via CAS. The 
goal would be to have a Single Sign-On / SSO solution with the user 
database of Drupal. No Koha-only user accounts would be required.

At the moment we are using the CAS module of Drupal, which provides a 
CAS server, and have connected it with the CAS authentication plugin of 
Koha. Authentication and login works, however only if users are already 
existing in Koha. The problem is: users are not automatically created in 
Koha, so the actual solution does not work without manually creating the 
user in Koha first. Thus, for the solution to properly work we'd need to 
find a way to auto-create the user accounts in Koha.

1. We've noted that the Shibboleth plugin has some auto-create option, 
that the CAS plugin seems to miss. Is there a way to have auto-creation 
work via CAS also?

2. Instead of the auto-create option, we've been thinking about some 
automated cron job that imports users in CAS on a regular basis based 
upon some CSV export provided by Drupal. A delay of a few hours until 
user accounts are created would be acceptable. Bug 12598 
(https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12598) 
mentions that Koha 18.05 comes with CLI support for the user import tool 
("import_patrons.pl"), so we have been considering using that for 
repetitive user imports. For that purpose, we could easily provide a CSV 
file in the desired format with Drupal. Does that seem like a doable 
approach?

3. Besides creating users with the correct user name, we'd have to map 
access levels to Koha as well. Would that be doable with the CSV import?

4. Setting a password on users in Koha is not necessary, as login should 
happen via the CAS interface. Is there a way to disable the password? 
Else we'd consider to just set an impossible-to-guess password for the 
accounts, so login would only work via Drupal.

Has anybody done something like this before? Any hints or ideas would be 
highly appreciated!

Best wishes: Michael
-- 
Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
T 0041 (0)61 261 55 61 · E mik at adminkuhn.ch · W www.adminkuhn.ch


More information about the Koha mailing list