https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30444 --- Comment #18 from Alex Buckley <alexbuckley@catalyst.net.nz> --- (In reply to David Cook from comment #16)
(In reply to Alex Buckley from comment #15)
Hi David,
Thank you for your questions and my apologies for my late reply.
The exact workflow we are wanting to follow with this patchset is:
1. A patron logs into the OPAC via SSO shibboleth
2. They visit the self-checkout page
3. As Koha is configured with AutoSelfCheckAllowed = allowed, and AutoSelfCheckId and AutoSelfCheckPass set to a patron with 'circulate' permissions that patron is used to automatically authenticate to the self-checkout page
4. Instead of displaying a form asking for the identity (username/password or cardnumber) of the patron we want to check out to, our patch skips that form by identifying the person logged into the OPAC as the patron to check out to
So in short, the only difference in behaviour our patchset should have is skipping the form asking for the identity of the patron we want to checkout too.
Does this help clarify the intent?
Thanks, Alex. That does clarify things a bit.
What happens after the user clicks "Finish" and "End session" in the self-checkout? Since they're still logged into the Shibboleth IdP, won't they get stuck in an infinite loop?
Thanks David. Ideally, they should be redirected back to the OPAC home page. I see on stock 22.05 that if you hit 'Finish' you're redirected to the form for entering cardnumber or username/password. Checking a test site I have this patchset running on if I hit 'Finish' the self-checkout page re-loads and I am still logged in - see attached screenshot. I had a discussion with Chris and we thought it would be a good idea if I move some of the patchset logic I have in C4/Auth->checkauth() and sco-main.pl into a new subroutine in C4/Auth_with_shibboleth.pm. What are your thoughts on this? -- You are receiving this mail because: You are watching all bug changes.