[Koha-bugs] [Bug 31990] New: Shibboleth may redirect to opac if intranet and staff is served on same hostname.
bugzilla-daemon at bugs.koha-community.org
Wed Oct 26 15:53:26 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31990
Bug ID: 31990
Summary: Shibboleth may redirect to opac if intranet and staff
is served on same hostname.
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: bjorn.nylen at ub.lu.se
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
The issue seems to be caused by the session interface being stuck to 'opac' if
you serve both intranet and opac on the same hostname (different ports) and you
visit the opac page before trying to log into intranet.
Using the same hostname will result in opac and intranet using the same session
cookie, i.e. the same session, which may confuse things.
Reproducible in koha testing docker:
1. Enable shibboleth in koha-conf.xml and add a stub configuration
<shibboleth>
  <matchpoint>userid</matchpoint> <!-- koha borrower field to match upon -->
  <mapping>
    <userid is="eduPersonID"></userid> <!-- koha borrower field to shibboleth attribute mapping -->
  </mapping>
</shibboleth>
2. Restart everything
3. Visit opac
4. Visit staff. The shib-login link will be to the opac url.
Visiting staff before opac will not do the opposite though.
Issue arose when we upgraded to 22.05.
Possibly a side effect of Bug 29915 or Bug 29914? Not familiar enough to
actually say.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
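The shared-cookie behaviour described in the report, as an added example that is not part of the original report or of Koha's code: Python's standard http.cookiejar returns a session cookie set on one port to the same hostname on another port, while separate hostnames keep the cookies apart. The hostnames, ports and cookie name and value are constructed assumptions.

```python
"""Added example: cookies are scoped by host, not by port."""
import email.message
import http.cookiejar
import urllib.request

# Constructed sample header; cookie name and value are assumptions.
SET_COOKIE = "CGISESSID=constructed-session-id; Path=/; HttpOnly"


class FakeResponse:
    """Minimal stand-in for an HTTP response carrying one Set-Cookie header."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        # CookieJar.extract_cookies() reads the headers through info().
        return self._headers


def cookie_sent_to(first_url, second_url, set_cookie=SET_COOKIE):
    """Return the Cookie header a client sends to second_url after
    first_url set a session cookie, or None if no cookie is sent."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie),
                        urllib.request.Request(first_url))
    follow_up = urllib.request.Request(second_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


if __name__ == "__main__":
    # Assumed layouts: one hostname with two ports, then two hostnames.
    layouts = [
        ("http://koha.example.org:8080/", "http://koha.example.org:8081/"),
        ("http://opac.example.org/", "http://staff.example.org/"),
    ]
    for opac_url, staff_url in layouts:
        sent = cookie_sent_to(opac_url, staff_url)
        print(f"{opac_url} -> {staff_url}: Cookie = {sent!r}")
```
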