http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13932 Bug ID: 13932 Summary: Allow a header to be considered trusted to provide the userid Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: gmcharlt@gmail.com Reporter: robin@catalyst.net.nz QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org When Koha is placed behind an SSO system, it'd be useful to be able to get the user ID, like happens with basic auth. This patch allows a header to be considered an authoritative source of user ID. This only works with a plack-like environment, when apache is running Koha as CGI I think the headers come through using a different method. An example configuration would be: <Location /> ... mod_auth_mellon config goes here ... Header unset X_REMOTE_USER RequestHeader unset X_REMOTE_USER RequestHeader set X_REMOTE_USER %{MELLON_sfdcid}e </Location> (REMOTE_USER seems to have a special use to apache that means it doesn't work, hence using X_REMOTE_USER.) For testing, you can fake it by replacing the variable with something hardcoded and ignore all the SSO guff. -- You are receiving this mail because: You are watching all bug changes.