New modules/authentication-shibboleth.cfg

git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@6565 9c30dcfa-912a-0410-8fc2-9e0234be79fd
Stuart Lewis
2011-08-19 03:22:41 +00:00
parent 686e5fffed
commit c0003038ef
6 changed files with 152 additions and 236 deletions


@@ -366,78 +366,6 @@ handle.dir = ${dspace.dir}/handle-server
#### Stackable Authentication Methods #####
#### Shibboleth Authentication Configuration Settings ####
# Check https://mams.melcoe.mq.edu.au/zope/mams/pubs/Installation/dspace15/view
# for installation detail.
#
# DSpace requires email as user's credential. There are 2 ways of providing
# email to DSpace:
# 1) by explicitly specifying to the user which attribute (header)
# carries the email address.
# 2) by turning on the user-email-using-tomcat=true which means
# the software will try to acquire the user's email from Tomcat
# The first option takes PRECEDENCE when specified. Both options can
# be enabled to allow fallback.
# this option below specifies that the email comes from the mentioned header.
# The value is CASE-Sensitive.
authentication.shib.email-header = MAIL
# optional. Specify the header that carries user's first name
# this is going to be used for creation of new-user
authentication.shib.firstname-header = SHIB-EP-GIVENNAME
# optional. Specify the header that carries user's last name
# this is used for creation of new user
authentication.shib.lastname-header = SHIB-EP-SURNAME
# this option below forces the software to acquire the email from Tomcat.
authentication.shib.email-use-tomcat-remote-user = true
# should we allow new users to be registered automtically
# if the IdP provides sufficient info (and user not exists in DSpace)
authentication.shib.autoregister = true
# these two header here specify which attribute that is responsible
# for providing user's roles to DSpace and unscope the attributes if needed.
# When not specified, it is defaulted to 'Shib-EP-UnscopedAffiliation', and
# ignore-scope is defaulted to 'false'.
# The value is specified in AAP.xml (Shib 1.3.x) or
# attribute-filter.xml (Shib 2.x). The value is CASE-Sensitive.
# The values provided in this header are separated by semi-colon or comma.
# If your sp only provides scoped role header, you need to set
# authentication.shib.role-header.ignore-Scope as true.
# for example if you only get Shib-EP-ScopedAffiliation instead of Shib-EP-ScopedAffiliation,
# you have to make your setting as:
# authentication.shib.role-header = Shib-EP-ScopedAffiliation
# authentication.shib.role-header.ignore-scope = true
# authentication.shib.role-header = Shib-EP-UnscopedAffiliation
authentication.shib.role-header.ignore-scope = false
# when user is fully authN on IdP but would not like to release
# his/her roles to DSpace (for privacy reason?), what should be
# the default roles be given to such users?
# The values are separated by semi-colon or comma
# authentication.shib.default-roles = Staff, Walk-ins
# The following mappings specify role mapping between IdP and Dspace.
# the left side of the entry is IdP's role (prefixed with
# "authentication.shib.role.") which will be mapped to
# the right entry from DSpace. DSpace's group as indicated on the
# right entry has to EXIST in DSpace, otherwise user will be identified
# as 'anonymous'. Multiple values on the right entry should be separated
# by comma. The values are CASE-Sensitive. Heuristic one-to-one mapping
# will be done when the IdP groups entry are not listed below (i.e.
# if "X" group in IdP is not specified here, then it will be mapped
# to "X" group in DSpace if it exists, otherwise it will be mapped
# to simply 'anonymous')
#
# Given sufficient demand, future release could support regex for the mapping
# special characters need to be escaped by \
authentication.shib.role.Senior\ Researcher = Researcher, Staff
authentication.shib.role.Librarian = Administrator
#### PasswordAuthentication options ####
# Only emails ending in the following domains are allowed to self-register


@@ -0,0 +1,71 @@
#### Shibboleth Authentication Configuration Settings ####
# Check https://mams.melcoe.mq.edu.au/zope/mams/pubs/Installation/dspace15/view
# for installation detail.
#
# DSpace requires email as user's credential. There are 2 ways of providing
# email to DSpace:
# 1) by explicitly specifying to the user which attribute (header)
# carries the email address.
# 2) by turning on the user-email-using-tomcat=true which means
# the software will try to acquire the user's email from Tomcat
# The first option takes PRECEDENCE when specified. Both options can
# be enabled to allow fallback.
# this option below specifies that the email comes from the mentioned header.
# The value is CASE-Sensitive.
email-header = MAIL
# optional. Specify the header that carries user's first name
# this is going to be used for creation of new-user
firstname-header = SHIB-EP-GIVENNAME
# optional. Specify the header that carries user's last name
# this is used for creation of new user
lastname-header = SHIB-EP-SURNAME
# this option below forces the software to acquire the email from Tomcat.
email-use-tomcat-remote-user = true
# should we allow new users to be registered automtically
# if the IdP provides sufficient info (and user not exists in DSpace)
autoregister = true
# these two header here specify which attribute that is responsible
# for providing user's roles to DSpace and unscope the attributes if needed.
# When not specified, it is defaulted to 'Shib-EP-UnscopedAffiliation', and
# ignore-scope is defaulted to 'false'.
# The value is specified in AAP.xml (Shib 1.3.x) or
# attribute-filter.xml (Shib 2.x). The value is CASE-Sensitive.
# The values provided in this header are separated by semi-colon or comma.
# If your sp only provides scoped role header, you need to set
# role-header.ignore-Scope as true.
# for example if you only get Shib-EP-ScopedAffiliation instead of Shib-EP-ScopedAffiliation,
# you have to make your setting as:
# role-header = Shib-EP-ScopedAffiliation
# role-header.ignore-scope = true
# role-header = Shib-EP-UnscopedAffiliation
role-header.ignore-scope = false
# when user is fully authN on IdP but would not like to release
# his/her roles to DSpace (for privacy reason?), what should be
# the default roles be given to such users?
# The values are separated by semi-colon or comma
# default-roles = Staff, Walk-ins
# The following mappings specify role mapping between IdP and Dspace.
# the left side of the entry is IdP's role (prefixed with
# "role.") which will be mapped to
# the right entry from DSpace. DSpace's group as indicated on the
# right entry has to EXIST in DSpace, otherwise user will be identified
# as 'anonymous'. Multiple values on the right entry should be separated
# by comma. The values are CASE-Sensitive. Heuristic one-to-one mapping
# will be done when the IdP groups entry are not listed below (i.e.
# if "X" group in IdP is not specified here, then it will be mapped
# to "X" group in DSpace if it exists, otherwise it will be mapped
# to simply 'anonymous')
#
# Given sufficient demand, future release could support regex for the mapping
# special characters need to be escaped by \
role.Senior\ Researcher = Researcher, Staff
role.Librarian = Administrator
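Review bot: The two sample mappings at the end of this new file are live settings rather than commented examples, so a stock install maps the IdP role `Librarian` to the DSpace `Administrator` group; I would ship them commented out, e.g. `# role.Librarian = Administrator`, and let each site opt in. The same caution applies to `autoregister = true`: combined with the one-to-one fallback mapping described in the comment block, any role string the IdP releases that matches an existing DSpace group name appears to be granted to an automatically created account. Because the email and roles are read from request headers (`email-header`, `role-header`), the comments should also state that these headers must only be set by the Shibboleth SP and that the servlet container must not be reachable by a path that bypasses it. Separately, the example text reads "Shib-EP-ScopedAffiliation instead of Shib-EP-ScopedAffiliation"; the second name is presumably meant to be `Shib-EP-UnscopedAffiliation`.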