1) Enable plack
2) Alter the apache config block to ensure shibboleth is passing attributes via
headers instead of environment. (when running under plack, apache act's merely
as a Proxy and so cannot pass environment to the separate plack process).
3) Checkin shibboleth logins are now working using the plack instance.
--- Comment #7 from Martin Renvoize <[hidden email]> ---
So after more local testing, i found that the plack environment could be a
little more complex than my initial tests.
This patch obsoletes the original and calls 'get_shib_login' later in the
runtime (i.e. outside of the begin block) so we have a valid environment by the
time the routine run.
In short, it should all work now so long as you've updated your Apache configs
as per the inline perldoc documentation.
I believe the UseHeaders and UseEnvironment variables for the shibboleth
service provider software are mutually exclusive (they appeared to be in my
brief testing), so I don't believe it is possible to run in a half and half
setup (unless you have two entirely separate vhosts.. one for plack and one for
--- Comment #12 from Martin Renvoize <[hidden email]> ---
Fixed the get_login_shib.. thanks for spotting that.. seems I'd already
corrected it locally.. Oops.
As for the apache config..
It's the `ShibRequireSession On` line that means you are enforcing a shibboleth
login for all users I believe.. I don't think that's required if you want
optional login. I'm not sure where that line came from on your test system?
To help, I've included a copy of my exact config from the demo server where
I've been testing:
# Optional Shibboleth Configuration - Plack Alternative
#ShibRequestSetting applicationId demo.koha-ptfs.co.uk
--- Comment #15 from Martin Renvoize <[hidden email]> ---
Hmm, slightly confused by the comment then.. I thought you were finding that it
was always redirecting but that wasn't the behaviour you wanted. I'll quiz you
on IRC tomorrow to clarify the question.