[Koha-bugs] [Bug 17776] Shibboleth Authentication is broken in plack
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Sep 28 14:28:09 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17776
--- Comment #33 from Nick Clemens <nick at bywatersolutions.com> ---
This patchset leaves the decision open to the user/IT staff outside of Koha. We
can either enable shib with plack, or disable plack and use environment
variables depending on their unique security needs. Additional spoof protection
would be on the maintainer of the Koha server (via apache or other
configuration) so is again outside of Koha.
We should document that anyone enabling headers should read up on spoof
protection.
Finding a middleware solution might be a great future enhancement (or just make
everyone use CAS :-) ), but I think this is a workable interim solution
No blocker for me.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list