clarin-dspace icon indicating copy to clipboard operation
clarin-dspace copied to clipboard
verified publisher icon ufal

Shibboleth - 1.3.2.3. Shibboleth login with persistent-id header and email available

Open kosarko opened this issue 2 years ago • 2 comments

Expectation

Use idp2 and “anon” as the username; the user should be logged in successfully, be in the “Authenticated” and “IDP2” groups (there’s no mapping for the unscoped-affiliation with value “student”), the netid column should be filled in.

Actual

the netid column should be filled in. -> it's not. No mention of config; but when netid-header = eppn,persistent-id... (other parts not tested, yet)

kosarko avatar Nov 14 '23 08:11 kosarko

@kosarko I managed to sign in successfully as the 'anon' user, but the user was only assigned to the 'Authenticated' group and not to 'IDP2'. The netid of the anon user after login looks like this: [email protected][https://idptestbed/idp/shibboleth] Is it OK?

I tested it on our our dev5 testing environment.

milanmajchrak avatar Apr 15 '24 12:04 milanmajchrak

@milanmajchrak the entityId of idp2 is https://someother/idp/shibboleth (https://github.com/ufal/dockerized-idp-testbed/blob/b3d95d05bcfd8a6080699051df7e85942493cfd3/idp2/shibboleth-idp/conf/idp.properties#L5). So it seems you've logged in through idp1

kosarko avatar Apr 19 '24 14:04 kosarko