[Koha-bugs] [Bug 33708] OAuth/OIDC authentication for the staff interface requires OPAC enabled
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue May 9 23:11:19 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33708
--- Comment #1 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
Created attachment 150905
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=150905&action=edit
Bug 33708: Make staff interface login not require public API (OAuth/OIDC)
This patch makes the URL for staff login not point to the `/public`
namespace. The behavior is not changed for the protocol, but as
`/public` requires several settings to be available, it effectively
requires to enable the OPAC, the public API, etc. This patch
diferentiates both to solve the problem.
I've tested following the Wiki instructions to set keycloak [1] using
the *--sso* switch for `ktd` as well [2].
It is important to set the following URLs as allowed redirect in order
to replicate the issue and verify the fix:
http://localhost:8080/api/v1/public/oauth/login/test/opac
http://localhost:8081/api/v1/oauth/login/test/staff
To test:
1. Login into the staff interface using the SSO link:
=> FAIL: Results in a 'Bad redirect URL' error
2. Apply this patch and repeat 1
=> SUCCESS: You get a permission denied error or you just login,
depending on your setup.
[1] https://wiki.koha-community.org/wiki/Testing_SSO
[2] ktd --sso up -d
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list