[Koha-devel] SelfCheckoutByLogin

David Cook dcook at prosentient.com.au
Mon Apr 15 09:10:49 CEST 2024 

Part of the reason is that it’s considerably more complicated and error-prone. 

 

If you log in using Google OpenID Connect, the self-checkout browser will retain your Google user session beyond your Koha self-checkout user session. Also, when Koha goes back to Google to authenticate someone else, it will auto-detect that you’re still logged in, and use your account instead. 

 

In theory, we could do a back channel logout against Google (or whatever other OpenID Connect identity provider), but if that failed to run for whatever reason you’re risking someone else at a public terminal accessing your personal Google account.

 

SAML doesn’t even have options for back channel logout, which makes it not an option at all. 

 

If someone can think of a really good way of making this work, I’d be happy to discuss it further, but I can’t think of a safe way to do this on a public terminal at the moment.

 

David Cook

Senior Software Engineer

Prosentient Systems

Suite 7.03

6a Glen St

Milsons Point NSW 2061

Australia

 

Office: 02 9212 0899

Online: 02 8005 0595

 

From: Koha-devel <koha-devel-bounces at lists.koha-community.org> On Behalf Of Katrin Fischer via Koha-devel
Sent: Monday, 15 April 2024 6:29 AM
To: koha-devel at lists.koha-community.org
Subject: Re: [Koha-devel] SelfCheckoutByLogin

 

Hi,

I think there is probably no specific reason, it's just not been developed yet.

As a next step you could search Bugzilla (https://bugs.koha-community.org/bugzilla3/) for any related bugs. If there is no existing report yet, you could file a new enhancement request.

Hope this helps,

Katrin

On 12.04.24 23:49, long_sam.tw via Koha-devel wrote:

Hi, all

 

Koha SelfCheckoutByLogin 

 

https://koha-community.org/manual/latest/en/html/circulationpreferences.html#selfcheckoutbylogin

 

 

I found that only local account authentication and cardnumber are supported, but other authentication methods are not supported,

such as google openid Oauth2, are not supported.

 

Can anyone explain the reason?

 

With respect, long_sam

 

 





_______________________________________________
Koha-devel mailing list
Koha-devel at lists.koha-community.org <mailto:Koha-devel at lists.koha-community.org> 
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : https://www.koha-community.org/
git : https://git.koha-community.org/
bugs : https://bugs.koha-community.org/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20240415/966b20f9/attachment.htm>

More information about the Koha-devel mailing list