DSpace - Shibboleth login with group addition

[Papp Gábor]

Dear Colleagues,

 

I would like to ask for help because I am stuck.

 

We are using DSpace 7.5. Users log in with Shibboleth (eduID), they should be added to an existing authorization group.

I set everything as described (https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication).

The auth_users group name is exactly the same as the group name in the DSpace admin interface.

 

It doesn't add the user when logging in. What could be wrong? What did I miss? What should I check?

 

I enabled dev mode in the log. I got this ’error’. The group is empty:

@ Starting to determine special groups

@ Found Shibboleth role header: 'eduPersonScopedAffiliation' = '[mem...@valami.hu]'

@ Mapping role affiliation to DSpace group: ''

@ Added current EPerson to special groups: []

 

dspace.cfg:

authentication-shibboleth.role-header = eduPersonScopedAffiliation

authentication-shibboleth.role.auth_users = mem...@valami.hu

authentication-shibboleth.default-roles = auth_users

 

Many thanks,

Gabor

 

Papp Gábor
senior rendszergazda
IT és Adatvagyongazdálkodási Osztály
Károli Gáspár Református Egyetem, Kancellári Hivatal
1091 Budapest, Kálvin tér 7/A
Mobil: +36309151790
www.kre.hu
IT támogató portál: kre.topdesk.net

Gábor PAPP
Senior IT Administrator
Department of IT and Data Asset Management
Károli Gáspár University of the Reformed Church in Hungary, Chancellor's Office
H-1091 Budapest, Kálvin sq. 7/A
Mobile: +36309151790
www.kre.hu
IT Support Portal: kre.topdesk.net

 

[Kiriaki Roditi]

Hello Gabor,

 

I have a DSpace 7.6 installation with Shibboleth setup to authenticate University users.

The first thing that troubled me with this configuration was the mapping of the exact value from my ‘authentication-shibboleth.role-header’ attribute.

My guess is that you have special characters in that value (:), which you need to escape in authentication-shibboleth.cfg file, with a ‘\’ character.

Another thing I experienced in my installation is that mapping to default-roles does not work, so you need to explicitly map each value Shibboleth returns to your DSpace group.

 

Let me give you a practical example of the configuration I suggest.

 

authentication-shibboleth.role-header = eduPersonScopedAffiliation

authentication-shibboleth.role.urn\:mace\:dir\: attribute-def \:eduPersonScopedAffiliation\:eduUser1 = auth_users

authentication-shibboleth.role.urn\:mace\:dir\: attribute-def \:eduPersonScopedAffiliation\:eduUser2 = auth_users

 

*highlighted with yellow, after ”role.” is the ’eduPersonScopedAffiliation’ attribute value and highlighted in blue is the DSpace group you created.

 

Hope this helps,

Kiriaki

 

Kiriaki Roditi

Systems Engineer

 

---

ELiDOC Systems & Services

--
All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/dspace-tech/DU0PR05MB91419B7C575F75447F85B7CAF3EAA%40DU0PR05MB9141.eurprd05.prod.outlook.com.