[Koha-bugs] [Bug 30988] Adding a more generic version of googleopenidconnect

bugzilla-daemon at bugs.koha-community.org
Tue Jun 21 02:19:43 CEST 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30988

--- Comment #12 from David Cook <dcook at prosentient.com.au> ---
My test plan:
0. Set up koha-testing-docker with a jboss/keycloak container as per
https://hub.docker.com/r/jboss/keycloak/
0b. Create "test" realm with discovery doc:
http://<my_ip>:8082/auth/realms/test/.well-known/openid-configuration
0c. Create confidential OIDC client "koha" in "test" realm
0d. Create "test" user with email "test at test.test" and password "test"
0e. Fix "OPACBaseURL" so that it resolves to localhost instead of a
non-existent domain name
1. Apply patch
2. koha-plack --restart kohadev
3*. "koha-upgrade-schema kohadev" didn't work so had to manually apply DB
update via: koha-mysql kohadev <
installer/data/mysql/atomicupdate/openidconnect.sql
4. Set "OIDC" syspref to "Yes"
5. Set "OIDCAutoRegister" to "Allow"
6. Set "OIDCConfigURL" to
"http://<my_ip>:8080/auth/realms/test/.well-known/openid-configuration" 
7. Set "OIDCDefaultBranch" to "CPL"
8. Set "OIDCDefaultCategory" to "Patron"
9. Set "OIDCOAuth2ClientID" to my Keycloak client id
10. Set "OIDCOAuth2ClientSecret" to my Keycloak client secret
11. Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
12. Click "Log in to your account"
13. Fill out your username and password in Keycloak
14. Success! Returned to a logged in OPAC with new auto-registered borrower

However, at the moment, this patch would fail for a few reasons:

1. The atomic update doesn't look like it's set up correctly. It should be
automatically detected by koha-upgrade-schema
2. "Log in with OpenID" button on login failure is misnamed (It's "OpenID
Connect" and not "OpenID". "OpenID" is an older standard).
3. "Log in with OpenID" button is not readable. It is white text on a white
background.

--

On a side note, it would probably be a good idea to add support for OpenID
Connect logout as well, so that you're logged out of the SSO provider when
you're logged out of Koha. While this might not be desirable at home, on public
terminals it wouldn't be great if people logged out of Koha and then a stranger
came along and was able to re-login as them...

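The logout gap raised in the side note above, as an added example that is not part of the original comment or of the Koha patch: a sketch of the redirect an OIDC client sends to end the provider session, using the end_session_endpoint, id_token_hint, post_logout_redirect_uri and state names from the OpenID Connect RP-Initiated Logout 1.0 specification. The function names, the "store" dict (a stand-in for a short-lived cookie) and the idp.example discovery document are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed discovery document for a Keycloak "test" realm (placeholder host).
DISCOVERY = {
    "issuer": "https://idp.example/auth/realms/test",
    "end_session_endpoint":
        "https://idp.example/auth/realms/test/protocol/openid-connect/logout",
}


def build_logout_redirect(discovery, id_token, post_logout_uri, store):
    """Return the provider URL to send the browser to once the local session is
    destroyed, or None when the provider advertises no end_session_endpoint."""
    endpoint = discovery.get("end_session_endpoint")
    if not endpoint:
        return None  # local logout only; the SSO session stays alive
    ep, iss = urlsplit(endpoint), urlsplit(discovery["issuer"])
    # Assumption (stricter than the spec): trust only an endpoint on the issuer's origin.
    if (ep.scheme, ep.netloc) != (iss.scheme, iss.netloc):
        raise ValueError("end_session_endpoint is not on the issuer's origin")
    state = secrets.token_urlsafe(16)
    store["oidc_logout_state"] = state  # checked when the provider redirects back
    params = {
        "id_token_hint": id_token,  # identifies the provider session to end
        "post_logout_redirect_uri": post_logout_uri,
        "state": state,
    }
    sep = "&" if ep.query else "?"
    return endpoint + sep + urlencode(params)


def logout_return_is_valid(store, returned_state):
    """Accept the post-logout redirect only if it carries the state we issued."""
    expected = store.pop("oidc_logout_state", None)  # single use
    if expected is None:
        return False
    return secrets.compare_digest(expected.encode(), (returned_state or "").encode())
```

When build_logout_redirect returns None, only the local session can be ended, which is the public-terminal case the side note describes: the next person to click "Log in" is signed straight back in by the provider.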