CESNET/user_shib

 
 

User Shib

This application enables federated Shibboleth authentication and automatic user and group provisioning based on Shibboleth attributes. It requires a configured and running Shibboleth SP.

Shibboleth configuration

You can configure a Shibboleth SP by following this official guide.

Apache configuration

To get the authentication backend working, you must enforce a Shibboleth session on at least the following Location:

<Location /owncloud/index.php/apps/user_shib/login>
	AuthType shibboleth
	ShibRequireSession On
	ShibUseHeaders Off
	ShibExportAssertion On
	ShibRequestSetting requireSession 1
</Location>

Since we establish a proper ownCloud authenticated session on the login URL above, the rest of ownCloud can be covered by a Shibboleth lazy session. We rely on ownCloud here to determine whether it needs authentication or not.

<Location /owncloud>
	...
	AuthType shibboleth
	Require shibboleth
	ShibUseHeaders Off
	ShibExportAssertion On
</Location>

App configuration

As of now, you can install the app by just putting it inside your apps/ directory and enabling it, like you would with any other app.

Admin configuration

On the Admin page, you can configure the mapping of Shibboleth attributes to ownCloud and some backend options. The meaning of each option is as follows:

Mapping configuration

  • Attribute prefix - prefix for all attributes provided by Shibboleth (aka attributePrefix Shibboleth setting).
  • Username - attribute to be used for ownCloud user name.
  • Full Name - attribute to be used for display name.
  • First Name - alternative attribute to be used for display name.
  • Surname - alternative attribute to be used for display name.
  • Email - attribute to be used as contact e-mail address.
  • Groups - attribute to be used for group assignment [not implemented yet].
  • Affiliation - attribute to be used for access control policy [not implemented yet].
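
How the mapping options above could be applied when reading attributes, as an added example that is not taken from user_shib: it reads attributes from the server environment only (matching ShibUseHeaders Off), takes the first value of a multi-valued attribute, and falls back from Full Name to First Name plus Surname. The function names, array keys and sample values are assumptions.

```php
<?php
// Added illustration, not code from user_shib; all function and key names are hypothetical.

// Read one mapped attribute from the server environment ($_SERVER) only.
function shibAttr(array $server, string $prefix, string $name): ?string
{
    $key = $prefix . $name;
    // With ShibUseHeaders Off the SP exports attributes as environment variables.
    // HTTP_* keys are built from client request headers, so never read identity from them.
    if ($name === '' || stripos($key, 'HTTP_') === 0) {
        return null;
    }
    $value = $server[$key] ?? null;
    if (!is_string($value)) {
        return null;
    }
    // Multi-valued attributes arrive as "a;b"; a literal ';' is escaped as "\;".
    $first = trim(str_replace('\\;', ';', preg_split('/(?<!\\\\);/', $value)[0]));
    return $first === '' ? null : $first;
}

// Build the account fields from the admin-page mapping; null means "do not provision".
function mapShibUser(array $server, string $prefix, array $mapping): ?array
{
    $get = fn(string $field) => shibAttr($server, $prefix, $mapping[$field] ?? '');
    $uid = $get('username');
    if ($uid === null) {
        return null;
    }
    // Full Name first, then the alternative First Name + Surname, then the user name
    // (this last fallback is an assumption of this example).
    $parts = array_filter([$get('firstname'), $get('surname')], 'is_string');
    $display = $get('fullname') ?? ($parts ? implode(' ', $parts) : $uid);
    $email = $get('email');
    if ($email !== null && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $email = null;
    }
    return ['uid' => $uid, 'displayName' => $display, 'email' => $email];
}

// Constructed sample environment; HTTP_EPPN stands for a client-supplied header.
$server = ['eppn' => 'alice@example.org', 'givenName' => 'Alice', 'sn' => 'Novak',
    'mail' => 'alice@example.org;a.novak@example.org', 'HTTP_EPPN' => 'admin@example.org'];
$mapping = ['username' => 'eppn', 'fullname' => 'cn', 'firstname' => 'givenName',
    'surname' => 'sn', 'email' => 'mail'];
var_export(mapShibUser($server, '', $mapping));      // attributes from the environment
var_export(mapShibUser($server, 'HTTP_', $mapping)); // header-derived keys are refused
```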

Backend configuration

  • Backend Activated - Disabling it disables authentication using this user backend, but keeps everything else in place.
  • Autocreate accounts - Create new account on user's first login.
  • Update user info on login - Updates user's mail, display name, last seen and other metadata on each login.
  • Protected Groups - Do not override these ownCloud groups with the Shibboleth Groups attribute [not implemented yet].

Personal configuration

Users are required to set a special password for the synchronization clients on their Personal page, under the Client login credentials section.

About

Shibboleth user and group backend app for ownCloud

License

AGPL-3.0, AGPL-3.0 licenses found
