1) Enable plack
2) Alter the apache config block to ensure shibboleth is passing attributes via
headers instead of environment. (when running under plack, apache act's merely
as a Proxy and so cannot pass environment to the separate plack process).
3) Checkin shibboleth logins are now working using the plack instance.
--- Comment #7 from Martin Renvoize <[hidden email]> ---
So after more local testing, i found that the plack environment could be a
little more complex than my initial tests.
This patch obsoletes the original and calls 'get_shib_login' later in the
runtime (i.e. outside of the begin block) so we have a valid environment by the
time the routine run.
In short, it should all work now so long as you've updated your Apache configs
as per the inline perldoc documentation.
I believe the UseHeaders and UseEnvironment variables for the shibboleth
service provider software are mutually exclusive (they appeared to be in my
brief testing), so I don't believe it is possible to run in a half and half
setup (unless you have two entirely separate vhosts.. one for plack and one for
--- Comment #12 from Martin Renvoize <[hidden email]> ---
Fixed the get_login_shib.. thanks for spotting that.. seems I'd already
corrected it locally.. Oops.
As for the apache config..
It's the `ShibRequireSession On` line that means you are enforcing a shibboleth
login for all users I believe.. I don't think that's required if you want
optional login. I'm not sure where that line came from on your test system?
To help, I've included a copy of my exact config from the demo server where
I've been testing:
# Optional Shibboleth Configuration - Plack Alternative
#ShibRequestSetting applicationId demo.koha-ptfs.co.uk
--- Comment #15 from Martin Renvoize <[hidden email]> ---
Hmm, slightly confused by the comment then.. I thought you were finding that it
was always redirecting but that wasn't the behaviour you wanted. I'll quiz you
on IRC tomorrow to clarify the question.
--- Comment #16 from Katrin Fischer <[hidden email]> ---
What's missing here to get it moving again? I think the Plack - Shibboleth
incompatibility is going to be a real problem for users as Koha without Plack
is no fun...
What |Removed |Added
CC| |[hidden email]
--- Comment #19 from Barry Cannon <[hidden email]> ---
I am not sure about this patch. I managed to get it working on 16.11.10 but not
on 16.11.13. apply patch, enable plack - shibboleth auth doesn't work. Disable
plack and shib works again. Shib log seems to to be comparable during both
--- Comment #22 from Barry Cannon <[hidden email]> ---
I didn't have any problems applying to 16.11.13. However, I tested again and on
16.11.10 it works fine but as soon as I upgrade to 16.11.13 and re-apply the
patch the shib error returns.