https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24539 --- Comment #11 from David Cook <dcook@prosentient.com.au> --- (In reply to mark.jaroski from comment #10)
Here's an odd idea from something I've noticed in the code. It looks like there's Shibboleth support in there.
That gives Koha admins the option of configuring authentication at the webserver level with mod_auth_mellon or mod_auth_oidc either of which can be configured to pass Shibboleth-style headers to an application.
I think some vendors used to use mod_auth_mellon but it fell out of favour for some reason. Now mod_shib is used for the Shibboleth auth. I haven't looked at mod_auth_oidc, but it looks like it's available in Debian, so that could always be interesting: https://packages.debian.org/buster/libapache2-mod-auth-openidc
I've configured other applications that way, and it works well. Of course, you have to guarantee that requests come to the application from your webserver and nowhere else, but in a single box architecture that's no problem at all.
Using this patch here, you'd probably be able to use those quite easily. -- You are receiving this mail because: You are watching all bug changes.