[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Oct 29 07:55:02 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004
--- Comment #38 from Ulrich Kleiber <ulrich.kleiber at bsz-bw.de> ---
(In reply to Arthur Suzuki from comment #36)
> (In reply to Ulrich Kleiber from comment #34)
> > I think leaving the proven path of pure doctrine is better than the
> > alternative of using ILS-DI for patron authentication, where the password
> > appears in the URL and thus in the Apache log files and the Plack log files.
> > We have legacy systems which are not part of a centralized single sign-on
> > infrastructure. But they are part of our in-house Koha infrastructure. Our
> > patrons do not have to give there password to a third party service.
>
> About ILS-DI having the password in the URL, the easy fix is to have the
> third-party software querying Koha with HTTP-POST instead of HTTP-GET, that
> works.
> The parameters are then not part of the URL anymore, hence not logged.
> (still transfered in cleartext if https is not used though)
Thanks for your hint Arthur, it works :)
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list