|
|
| (18 intermediate revisions by 3 users not shown) |
| Line 1: |
Line 1: |
| == Prerequisites ==
| | #REDIRECT [[REMOTE_USER_Authentication]] |
| | |
| * installed functional Shibboleth-sp in Apache2 (or SW with similar functionality). The installation is beyond the scope of this document.
| |
| | |
| == How does it work ==
| |
| | |
| When enabled in the GUI settings then the GUI search for the REMOTE_USER header (provided by Shibboleth sp) and uses it as auth user.
| |
| | |
| == Configuration ==
| |
| | |
| * enable it with GUI->Settings->System configuration : Use Shibboleth for auth
| |
| * it still requires some GUI's users for priveleges settings
| |
| * One user can be setup as default user for Shibboleth. See 'Default Shibboleth account' checkbox in GUI->Users & Audit->Users -> selected user
| |
| | |
| == Usage ==
| |
| | |
| * after the Shibboleth auth the GUI's Shibboleth button will appear in GUI login dialog
| |
| * after clicking on this button the content of REMOTE_USER header is used as the user in the GUI database for getting user's privileges
| |
| * if an user is not found then the user with set checkbox 'Default Shibboleth account' is used (if set)
| |
| * login is done
| |
| | |
| == Note about logout ==
| |
| The Shibboleth logout URL is constructed from Shib-Handler header + '/Logout' string. If not available then from HTTP_HOST header + '/Shibboleth.sso/Logout' string.
| |