[Bug 34164] New: OAuth2/OIDC should redirect to page that initiated login
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Bug ID: 34164 Summary: OAuth2/OIDC should redirect to page that initiated login Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org At the moment, a successful OAuth2/OIDC login is sent to opac-user.pl/opac-main.pl or mainpage.pl instead of the page that initiated the login process. With Shibboleth, we manage this using the "target" URL, so that the Shibboleth login is processed by whatever page initiated it, but that doesn't work with OAuth2/OIDC and the "redirect_uri" since we're using an API endpoint. However, all we need to do is save the current path in the user's session, and then recall it after the successful login. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |31378 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31378 [Bug 31378] Add a generic OAuth2/OIDC client implementation -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- (In reply to David Cook from comment #0)
However, all we need to do is save the current path in the user's session, and then recall it after the successful login.
No, not the current path, because that's the path to the API. We either need to save the path of the previous request, or we need to use the HTTP_REFERER, which is problematic since it's a user-provided HTTP header. We can validate the URL in the HTTP_REFERER, although if you initiated a login from "/cgi-bin/koha/opac-main.pl?logout.x=1" then you'd be redirected to a logout page. But we can't leave off the query string because sometimes you'd want to be redirected to "/cgi-bin/koha/opac-detail.pl?biblionumber=29" for instance. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=31175 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Michaela Sieber <michaela.sieber@kit.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |clemens.tubach@kit.edu, | |lukasz.koszyk@kit.edu, | |michaela.sieber@kit.edu, | |tomascohen@gmail.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mihai.bojonca@tcmi.edu --- Comment #2 from David Cook <dcook@prosentient.com.au> --- *** Bug 24261 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vanoudt@gmail.com Assignee|koha-bugs@lists.koha-commun |vanoudt@gmail.com |ity.org | Status|NEW |Needs Signoff --- Comment #3 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- Created attachment 163127 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163127&action=edit Return to the referring URL when signing in using GoogleOpenID Just threw together a quick patch which enables this. This also strips out the logout parameter from the referring URL, so that we don't end up in a loop. It would be good to also check that the referring URI is part of the koha installation, and if not go to the main library page. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Patch doesn't apply --- Comment #4 from David Cook <dcook@prosentient.com.au> --- opac/cgi-bin/opac/svc/auth/googleopenidconnect is not a valid Koha path in the git. It also looks like this is based off a different version of ./opac/svc/auth/googleopenidconnect than what exists in Koha's master branch. I think too the goal is to deprecate and remove ./opac/svc/auth/googleopenidconnect in favour of the new generic OIDC functionality. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #163127|0 |1 is obsolete| | --- Comment #5 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- Created attachment 163128 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163128&action=edit Redirect to referring URL, excluding logout parameters A quick patch which enables this. This also strips out the logout parameter from the referring URI, so that we don't end up in a loop. It also checks that the referring URI is part of the koha installation, and if not goes to either the main page or the user page. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #163128|0 |1 is obsolete| | --- Comment #6 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- Created attachment 163129 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163129&action=edit Patch to redirect on login A quick patch which enables this. This also strips out the logout parameter from the referring URI, so that we don't end up in a loop. It also checks that the referring URI is part of the koha installation, and if not goes to either the main page or the user page. (Obsoleting old patch which I managed to mangle!) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #7 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- (In reply to David Cook from comment #4)
opac/cgi-bin/opac/svc/auth/googleopenidconnect is not a valid Koha path in the git.
It also looks like this is based off a different version of ./opac/svc/auth/googleopenidconnect than what exists in Koha's master branch.
I think too the goal is to deprecate and remove ./opac/svc/auth/googleopenidconnect in favour of the new generic OIDC functionality.
Thanks David. I didn't realise that. I've had a quick look at the new OIDC stuff... and it's a LOT less user friendly. I'll get around to having a look at it in the next week or so. Not sure why the googleopenidconnect file is different; it might be because it's based off the 23.11 branch. (I made the patch off a recently upgraded package install.) I can see about fixing that soon too. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #163129|0 |1 is obsolete| | --- Comment #8 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- Created attachment 163493 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163493&action=edit Redirect to referring URL on successful OAuth2 Login This allows the new OAuth2/OIDC identity providers to redirect to the opac page the user was on when requesting a login. It ensures that the referrer is on the opac server, and strips out the logout parameters from the URI to prevent a login/logout loop. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #9 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- Created attachment 163494 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163494&action=edit Redirection to referring url for the googleopenidconnect service A secondary patch that enables redirecting to the referring page when using the old style googleopenidconnect service rather than the new identity providers. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #163493|0 |1 is obsolete| | --- Comment #10 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- Created attachment 163495 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163495&action=edit Redirect to referring URL on successful OAuth2 Login This allows the new OAuth2/OIDC identity providers to redirect to the opac page the user was on when requesting a login. It ensures that the referrer is on the opac server, and strips out the logout parameters from the URI to prevent a login/logout loop. This patch removes some debugging code that should never have been included in the previous patch! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #163495|0 |1 is obsolete| | --- Comment #11 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- Created attachment 163496 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163496&action=edit Redirect to referring URL on successful OAuth2 Login This allows the new OAuth2/OIDC identity providers to redirect to the opac page the user was on when requesting a login. It ensures that the referrer is on the opac server, and strips out the logout parameters from the URI to prevent a login/logout loop. This patch removes some debugging code that should never have been included in the previous patch! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Patch doesn't apply |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Michaela Sieber <michaela.sieber@kit.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off --- Comment #12 from Michaela Sieber <michaela.sieber@kit.edu> --- successfully tested the new OAuth2/OIDC identity providers! Please note that we were only able to test the second patch for oidc identity provider. We therefore ask for a second sign off for the old mimic for authentication via google oidc Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Failed QA --- Comment #13 from David Cook <dcook@prosentient.com.au> --- There's a few things here: 1. We do need the referrer for the staff interface too, since people might be using bookmarks, have expired sessions when clicking on an old search result, manually going to a URL written by hand, etc. 2. The session variable is different between the googleopenidconnect and the REST client. I think it'd be best to use the same meaningful name. (I also think referer as used in the REST client is too generic. That could cause problems down the line if we started tracking refer for other reasons. I think the one you used for googleopenidconnect could work (ie "auth-refer-uri"), so I think just harmonize those. 3. It would make more sense to validate the referrer input before setting it as a session variable. 4. Instead of "if (defined $referrer_url) && ($referrer_url ne '')", I think we could just do (if $referrer_url) in Perl. This syntax reminds me more of Python/Ruby. -- Overall, it's looking good, and I'm really looking forward to having this feature in Koha. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #14 from David Cook <dcook@prosentient.com.au> --- I know this might be annoying, but it might be worth splitting this into 2 issues with 1 patch on each issue. Just because a lot of people will be able to test the REST client using Keycloak, but fewer people will be able to test the googleopenidconnect service. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #15 from David Cook <dcook@prosentient.com.au> --- Comment on attachment 163496 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163496 Redirect to referring URL on successful OAuth2 Login Review of attachment 163496: --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=34164&attachment=163496) ----------------------------------------------------------------- ::: Koha/REST/V1/OAuth/Client.pm @@ +56,4 @@
if ( $interface eq 'opac' ) { + my $host = C4::Context->preference('OPACBaseURL'); + $redirect_url = $host . '/api/v1/public/oauth/login/'; + if ((defined $referrer_url) && ($referrer_url ne '') && ($referrer_url =~ /^$host/ )) {
Since OPACBaseURL is a user input, I think it would be good to change the regexp to /^\Q$host\E/, so that we're escaping any metacharacters that might intentionally or unintentionally come through in that system preference. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #163494|0 |1 is obsolete| | Attachment #163496|0 |1 is obsolete| | --- Comment #16 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- Created attachment 164979 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=164979&action=edit [PATCH] Allow OAuth login to redirect to referring url on successful login Redirection to referring URL on successful OAuth2 Login. Updated following David's comments: 1. Enables the service for both the staff and the opac interfaces. 2. Uses "auth-refer-ui" as the session variable name. 3. Validates the referrer input before setting it as a session variable. 4. Uses perl syntax a bit better; perl isn't my preferred language, and it shows! Thanks David! 5. Only deals with OIDC/OAuth2, bug 36617 has been created to deal with the googleopenidconnect service. 6. Changes the regexp to /^\Q$host\E as a security measure. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Nicholas van Oudtshoorn <vanoudt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #164979|0 |1 is obsolete| | --- Comment #17 from Nicholas van Oudtshoorn <vanoudt@gmail.com> --- Created attachment 164980 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=164980&action=edit [PATCH] Allow OAuth login to redirect to referring url on successful login Redirection to referring URL on successful OAuth2 Login. Updated following David's comments: 0. Removes some ugly debug statement that snuck into the patch! 1. Enables the service for both the staff and the opac interfaces. 2. Uses "auth-refer-ui" as the session variable name. 3. Validates the referrer input before setting it as a session variable. 4. Uses perl syntax a bit better; perl isn't my preferred language, and it shows! Thanks David! 5. Only deals with OIDC/OAuth2, bug 36617 has been created to deal with the googleopenidconnect service. 6. Changes the regexp to /^\Q$host\E as a security measure. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Lukas Koszyk <lukasz.koszyk@kit.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Failed QA --- Comment #18 from Lukas Koszyk <lukasz.koszyk@kit.edu> --- Redirecting to the previous page after logging in generally works but unfortunately there are a few problems: 1. If there was an error in authentication or the user does not have permissions, the user will also be redirected without notice. The error message cannot be read because only on the page "/cgi-bin/koha/opac-user.pl" (in OPAC) errors are displayed. 2. After logging out (the "logout.x" parameter in the URL is present) the user cannot log back in. 3. After logging in from the OPAC main page, the user should be redirected to the account page ("/cgi-bin/koha/opac-user.pl"). -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=36617 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #19 from David Cook <dcook@prosentient.com.au> --- Lukas makes some good points. See my Comment 4 on bug 36617 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=40736 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #20 from David Cook <dcook@prosentient.com.au> --- I'm having another crack at this one, and mindful of Lukas's comments. I think they're all solvable though (one way or another). -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|vanoudt@gmail.com |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #164980|0 |1 is obsolete| | --- Comment #21 from David Cook <dcook@prosentient.com.au> --- Created attachment 186959 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186959&action=edit Bug 34164: Redirect to referring URL when doing OIDC/OAuth SSO This patch makes it so that a successful SSO will return you to the place where you initiated the SSO. This is especially useful when doing searches, placing holds, etc. Test plan: 0. Apply patch and koha-plack --restart kohadev 1. Set up OIDC SSO using https://wiki.koha-community.org/wiki/Testing_SSO 2. Go to http://localhost:8081/cgi-bin/koha/circ/circulation-home.pl 3. Do a staff login using SSO 4. Note that you're redirected to http://localhost:8081/cgi-bin/koha/circ/circulation-home.pl after the successful login 5. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1 6. Do a OPAC SSO login 7. Note that you're returned to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1 after the successful login 8. Logout of the staff admin and OPAC 9. Note your URL ends in ?logout.x=1 10. Try logging back into them using SSO 11a. Note that you're logged in and not automatically logged out 11b. Note that if you're on the OPAC, you should be redirected to opac-user.pl instead of opac-main.pl or the root path 12. If you change the domain for the SSO users to something that your user does not match, try logging in again, and note that the error message should display on mainpage.pl or opac-main.pl/opac-user.pl for the OPAC. (This is because these are the pages that show SSO errors.) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Lukas Koszyk <lukasz.koszyk@kit.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #186959|0 |1 is obsolete| | --- Comment #22 from Lukas Koszyk <lukasz.koszyk@kit.edu> --- Created attachment 187045 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=187045&action=edit Bug 34164: Redirect to referring URL when doing OIDC/OAuth SSO This patch makes it so that a successful SSO will return you to the place where you initiated the SSO. This is especially useful when doing searches, placing holds, etc. Test plan: 0. Apply patch and koha-plack --restart kohadev 1. Set up OIDC SSO using https://wiki.koha-community.org/wiki/Testing_SSO 2. Go to http://localhost:8081/cgi-bin/koha/circ/circulation-home.pl 3. Do a staff login using SSO 4. Note that you're redirected to http://localhost:8081/cgi-bin/koha/circ/circulation-home.pl after the successful login 5. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1 6. Do a OPAC SSO login 7. Note that you're returned to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1 after the successful login 8. Logout of the staff admin and OPAC 9. Note your URL ends in ?logout.x=1 10. Try logging back into them using SSO 11a. Note that you're logged in and not automatically logged out 11b. Note that if you're on the OPAC, you should be redirected to opac-user.pl instead of opac-main.pl or the root path 12. If you change the domain for the SSO users to something that your user does not match, try logging in again, and note that the error message should display on mainpage.pl or opac-main.pl/opac-user.pl for the OPAC. (This is because these are the pages that show SSO errors.) Signed-off-by: Lukas Koszyk <lukasz.koszyk@kit.edu> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off --- Comment #23 from David Cook <dcook@prosentient.com.au> --- Thanks for that, Lukas. I think you might've forgotten to update the status of the bug, so I'll update that for you now. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA Patch complexity|--- |Medium patch -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #187045|0 |1 is obsolete| | --- Comment #24 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 187217 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=187217&action=edit Bug 34164: Redirect to referring URL when doing OIDC/OAuth SSO This patch makes it so that a successful SSO will return you to the place where you initiated the SSO. This is especially useful when doing searches, placing holds, etc. Test plan: 0. Apply patch and koha-plack --restart kohadev 1. Set up OIDC SSO using https://wiki.koha-community.org/wiki/Testing_SSO 2. Go to http://localhost:8081/cgi-bin/koha/circ/circulation-home.pl 3. Do a staff login using SSO 4. Note that you're redirected to http://localhost:8081/cgi-bin/koha/circ/circulation-home.pl after the successful login 5. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1 6. Do a OPAC SSO login 7. Note that you're returned to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1 after the successful login 8. Logout of the staff admin and OPAC 9. Note your URL ends in ?logout.x=1 10. Try logging back into them using SSO 11a. Note that you're logged in and not automatically logged out 11b. Note that if you're on the OPAC, you should be redirected to opac-user.pl instead of opac-main.pl or the root path 12. If you change the domain for the SSO users to something that your user does not match, try logging in again, and note that the error message should display on mainpage.pl or opac-main.pl/opac-user.pl for the OPAC. (This is because these are the pages that show SSO errors.) Signed-off-by: Lukas Koszyk <lukasz.koszyk@kit.edu> Signed-off-by: Tomás Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #25 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Test -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lucas@bywatersolutions.com QA Contact|testopia@bugs.koha-communit |tomascohen@gmail.com |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to main Version(s)| |25.11.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #26 from Lucas Gass (lukeg) <lucas@bywatersolutions.com> --- Nice work everyone! Pushed to main for 25.11 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #27 from Michaela Sieber <michaela.sieber@kit.edu> --- Could this please be backported to LTS version 24.11.xx ? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 --- Comment #28 from David Cook <dcook@prosentient.com.au> --- (In reply to Michaela Sieber from comment #27)
Could this please be backported to LTS version 24.11.xx ?
For what it's worth, I backported it locally to 24.11.xx and it's been working well. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Magnus Enger <magnus@libriotech.no> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=41312 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Laura Escamilla <Laura.escamilla@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Laura.escamilla@bywatersolu | |tions.com Version(s)|25.11.00 |25.11.00, 25.05.x released in| | Status|Pushed to main |Needs documenting --- Comment #29 from Laura Escamilla <Laura.escamilla@bywatersolutions.com> --- This change has been backported to the 25.05.x branch. Thank you! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)|25.11.00, 25.05.x |25.11.00,25.05.07,24.11.12 released in| | CC| |fridolin.somers@biblibre.co | |m --- Comment #30 from Fridolin Somers <fridolin.somers@biblibre.com> ---
For what it's worth, I backported it locally to 24.11.xx and it's been working well. Thanks for this ;)
Pushed to 24.11.x for 24.11.12 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org