Dspace 7 and Shibboleth with multiple application on same server

103 views

Skip to first unread message

M P

unread,

Nov 1, 2022, 9:44:00 AM11/1/22

to DSpace Technical Support

For anyone with something similar to the following setup:

Webserver hosting multiple applications on different domains
Shibboleth serving an existing application in addition to Dspace

Our specific use case:

Koha hosted on webserver from domain1
Dspace hosted on webserver from domain2
both applications served by shibboleth

We were struggling to get the Shibboleth attributes passed to Dspace, with something like the following showing up in the dspace.log:

ERROR unknown unknown org.dspace.authenticate.ShibAuthentication @ Unable to register new eperson because we are unable to find an email address along with first and last name for the user.

NetId Header: 'uid'='null' (Optional)

Email Header: 'email'='null'

First Name Header: 'firstname'='null'

Last Name Header: 'lastname'='null'

This was in spite of having all the correct associations made in dspace/config/modules/authentication-shibboleth.cfg. Furthermore, my existing app, Koha, had session data at /Shibboleth.sso/Session.

It took us a while to find the correct configuration, but it is a relatively easy fix:

Add an application override to your shibboleth.xml configuration
Reference the application ID in your apache configuration

Shibboleth Configuration

Just above your "ApplicationDefaults" section, add a requestMapper:

Just above your </ApplicationDefaults> tag (the closing tag) add the override:

Save and restart your shibd service, making sure there are no errors.

Apache Configuration

In addition to the required apache2 configurations stipulated in the documentation, you will need to include the following in your <Location /> block:

ShibRequestSetting applicationId dspace

Note that the applicationId corresponds to the name you set in your Shibboleth RequestMap and ApplicationOverride.