Problem

Based on the work done in https://github.com/DSpace/dspace-angular/pull/568 and https://github.com/DSpace/DSpace/pull/2651, not everyone has been able to get Shibboleth authentication working. We agree to share workable configurations.

Solution

In the DSpace configuration file local.cfg, ensure these lines are uncommented:

# Shibboleth authentication/authorization. See authentication-shibboleth.cfg for default configuration.
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.ShibAuthentication

# Enabled by default in authentication.cfg
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication

We also use the default attributes, which are mapped in my Shibboleth (version 3.0.4) attribute map (this may differ depending on the IdP).


In my local setup, I'm using Apache/2.4.6 (CentOS) with ProxyPass and these settings:

<VirtualHost *:443>
    #(...)
    <Proxy *>
        AddDefaultCharset Off
        Order deny,allow
        Allow from all
    </Proxy>

    # The Shibboleth handler shall process all HTTPS requests on this location...
    <Location /server/api/authn/shibboleth>
        Order deny,allow
        Allow from all
        AuthType shibboleth
        ShibUseHeaders On
        Require shibboleth
    </Location>
    # The Shibboleth handler shall process all HTTPS requests on this location...
    <Location /server/api/authn/login>
        Order deny,allow
        Allow from all
        AuthType shibboleth
        ShibUseHeaders On
        Require shibboleth
    </Location>

    #Adding SSL Proxy Engine On
    SSLProxyEngine on
    ProxyRequests off
    ProxyPreserveHost On

    # A specific configuration for shibboleth proxypass
    ProxyPass /Shibboleth.sso !

    # A specific proxypass configuration for DSpace server (both server and angular on the same machine)
    ProxyPass /server ajp://localhost:8009/server
    ProxyPassReverse /server ajp://localhost:8009/server

    # A specific proxypass configuration for Angular
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    #(...)
</VirtualHost>
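
Apache checks ProxyPass rules in configuration order and the first match wins, so the /Shibboleth.sso exclusion and the /server rule only take effect because they come before the catch-all ProxyPass / rule. The following check is an added example, not part of the original page or of DSpace; it runs over a constructed copy of the directives above, and its function names are hypothetical.

```python
import re

# Constructed copy of the Location and ProxyPass directives from the vhost above.
VHOST = """
<Location /server/api/authn/shibboleth>
    AuthType shibboleth
    Require shibboleth
</Location>
<Location /server/api/authn/login>
    AuthType shibboleth
    Require shibboleth
</Location>
ProxyPass /Shibboleth.sso !
ProxyPass /server ajp://localhost:8009/server
ProxyPass / http://localhost:3000/
"""

def proxy_rules(conf):
    """(prefix, target) pairs of ProxyPass lines in file order (not ProxyPassReverse)."""
    return re.findall(r"^\s*ProxyPass\s+(\S+)\s+(\S+)", conf, re.M | re.I)

def route(conf, path):
    """Target of the first matching rule; '!' or no match means Apache serves it."""
    for prefix, target in proxy_rules(conf):
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            return "local" if target == "!" else target
    return "local"

def shib_locations(conf):
    """Paths of <Location> blocks with both AuthType and Require shibboleth."""
    blocks = re.findall(r"<Location\s+(\S+)>(.*?)</Location>", conf, re.S | re.I)
    return [path for path, body in blocks
            if re.search(r"^\s*AuthType\s+shibboleth\s*$", body, re.M | re.I)
            and re.search(r"^\s*Require\s+shibboleth\s*$", body, re.M | re.I)]

def check(conf):
    """Problems: SP handler proxied away, or a protected path not sent to Tomcat."""
    problems = []
    if route(conf, "/Shibboleth.sso/Login") != "local":
        problems.append("/Shibboleth.sso is proxied instead of handled by mod_shib")
    for path in shib_locations(conf):
        if not route(conf, path).startswith("ajp://"):
            problems.append(f"{path} does not reach the AJP connector")
    return problems

if __name__ == "__main__":
    print(check(VHOST) or "ProxyPass order and Shibboleth locations are consistent")
```

Moving the ProxyPass / line above the other two makes check() report all three paths, which is the misordering that sends Shibboleth requests to the Angular frontend instead of the SP handler and Tomcat.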

I'm also using Tomcat v9 (apache-tomcat-9.0.30) and java-11-openjdk.x86_64, with an almost default Tomcat server.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <!-- (...) -->
    <!-- AJP connector that the Apache ProxyPass above forwards /server to; only the local Apache needs to reach port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <!-- (...) -->
      <Host name="localhost" appBase="/dspace/webapps" unpackWARs="true" autoDeploy="true" xmlNamespaceAware="false" xmlValidation="false">
        <Context allowLinking="true" path="" docBase="server" />
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="access_log" suffix=".log" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  <!-- (...) -->
  </Service>
</Server>
