[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Oct 29 00:57:10 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004
Arthur Suzuki <arthur.suzuki at biblibre.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |arthur.suzuki at biblibre.com
--- Comment #36 from Arthur Suzuki <arthur.suzuki at biblibre.com> ---
(In reply to Ulrich Kleiber from comment #34)
> I think leaving the proven path of pure doctrine is better than the
> alternative of using ILS-DI for patron authentication, where the password
> appears in the URL and thus in the Apache log files and the Plack log files.
> We have legacy systems which are not part of a centralized single sign-on
> infrastructure. But they are part of our in-house Koha infrastructure. Our
> patrons do not have to give there password to a third party service.
About ILS-DI having the password in the URL, the easy fix is to have the
third-party software querying Koha with HTTP-POST instead of HTTP-GET, that
works.
The parameters are then not part of the URL anymore, hence not logged.
(still transfered in cleartext if https is not used though)
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list