Problem
Based on the work done on https://github.com/DSpace/dspace-angular/pull/568 and https://github.com/DSpace/DSpace/pull/2651 , it has not been possible for everyone to get authentication working with Shibboleth. We agree to share workable configurations.
Solution
In the DSpace configuration file local.cfg, ensure these lines are uncommented:
# Shibboleth authentication/authorization. See authentication-shibboleth.cfg for default configuration.
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.ShibAuthentication
# Enabled by default in authentication.cfg
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication
We also use the default attributes that are mapped in my Shibboleth (version 3.0.4) attribute map (this may differ depending on the IdP).
In my local setup, I'm using Apache/2.4.6 (CentOS) with ProxyPass with these settings:
<VirtualHost *:443>
    #(...)
    <Proxy *>
        AddDefaultCharset Off
        Order deny,allow
        Allow from all
    </Proxy>

    # The Shibboleth handler shall process all HTTPS requests on this location...
    <Location /server/api/authn/shibboleth>
        Order deny,allow
        Allow from all
        AuthType shibboleth
        ShibUseHeaders On
        Require shibboleth
    </Location>

    # The Shibboleth handler shall process all HTTPS requests on this location...
    <Location /server/api/authn/login>
        Order deny,allow
        Allow from all
        AuthType shibboleth
        ShibUseHeaders On
        Require shibboleth
    </Location>

    #Adding SSL Proxy Engine On
    SSLProxyEngine on
    ProxyRequests off
    ProxyPreserveHost On

    # A specific configuration for shibboleth proxypass
    ProxyPass /Shibboleth.sso !

    # A specific proxypass configuration for DSpace server (both server and angular on the same machine)
    ProxyPass /server ajp://localhost:8009/server
    ProxyPassReverse /server ajp://localhost:8009/server

    # A specific proxypass configuration for Angular
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    #(...)
</VirtualHost>
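A check for the proxy layout above, as an added example that is not part of the original page: mod_proxy tries ProxyPass rules in configuration order and the first match wins, so the /Shibboleth.sso exclusion and the /server rule must come before the catch-all /. The matching here is a simplified model of mod_proxy, and the request paths /Shibboleth.sso/Login and /home are sample values chosen for illustration.

```python
import re

# Constructed excerpt of the VirtualHost above: the <Location> blocks and proxy lines only.
VHOST = """\
<Location /server/api/authn/shibboleth>
  AuthType shibboleth
  Require shibboleth
</Location>
<Location /server/api/authn/login>
  AuthType shibboleth
  Require shibboleth
</Location>
ProxyPass /Shibboleth.sso !
ProxyPass /server ajp://localhost:8009/server
ProxyPassReverse /server ajp://localhost:8009/server
ProxyPass / http://localhost:3000/
"""

def route(conf, path):
    """Simplified model of mod_proxy: ProxyPass rules are tried in file order, first match wins."""
    for prefix, target in re.findall(r"^[ \t]*ProxyPass[ \t]+(\S+)[ \t]+(\S+)", conf, re.M):
        base = prefix.rstrip("/")
        if path == base or path.startswith(base + "/"):  # match on a path-segment boundary
            return "local" if target == "!" else target  # "!" means: do not proxy
    return "local"

def shib_protected(conf):
    """Paths whose <Location> block carries both AuthType shibboleth and Require shibboleth."""
    found = set()
    for path, body in re.findall(r"<Location\s+([^\s>]+)>(.*?)</Location>", conf, re.S):
        if all(re.search(rf"^\s*{d}\s+shibboleth\s*$", body, re.M | re.I)
               for d in ("AuthType", "Require")):
            found.add(path)
    return found

def check(conf):
    """Return a list of problems; an empty list means routing and protection match the intent."""
    expected = {  # sample request paths (assumptions) -> where they should end up
        "/Shibboleth.sso/Login": "local",
        "/server/api/authn/shibboleth": "ajp://localhost:8009/server",
        "/home": "http://localhost:3000/",
    }
    problems = [f"{p} goes to {route(conf, p)}, expected {want}"
                for p, want in expected.items() if route(conf, p) != want]
    problems += [f"{loc} is not protected by mod_shib"
                 for loc in ("/server/api/authn/shibboleth", "/server/api/authn/login")
                 if loc not in shib_protected(conf)]
    return problems

if __name__ == "__main__":
    print(check(VHOST) or "ok")
```

If the catch-all rule is moved above the other two, the check reports that both the Shibboleth handler and the DSpace REST endpoint would be sent to the Angular process on port 3000.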
I'm also using Tomcat v9 (apache-tomcat-9.0.30) and java-11-openjdk.x86_64, with an almost default Tomcat server.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <!-- (...) -->
  <Service name="Catalina">
    <!-- AJP connector that Apache's "ProxyPass /server ajp://localhost:8009/server" talks to -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <!-- (...) -->
      <Host name="localhost" appBase="/dspace/webapps" unpackWARs="true" autoDeploy="true"
            xmlNamespaceAware="false" xmlValidation="false">
        <Context allowLinking="true" path="" docBase="server" />
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="access_log" suffix=".log"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
    <!-- (...) -->
  </Service>
</Server>