Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-2483

sword.compatability configuration misspelled in authentication-shibboleth.cfg

    Details

    • Attachments:
      0
    • Comments:
      3
    • Documentation Status:
      Not Required

      Description

      In the "authentication-shibboleth.cfg" the configuration "sword.compatability" is misspelled, and therefore doesn't work.

      https://github.com/DSpace/DSpace/blob/master/dspace/config/modules/authentication-shibboleth.cfg#L104

      It should instead be: "sword.compatibility" , as that is the name of the Configuration that the ShibAuthentication class actually looks for:
      https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java#L170

      Because of this misspelling, "sword.compatibility" is always enabled with Shibboleth, despite the config file implying that it is disabled by default.

      This means that if you have both Shibboleth and Password authentication enabled, if Shibboleth is listed first, it will be used instead of Password authentication, and you'll see messages like this one in your log files:

      org.dspace.authenticate.ShibAuthentication @ [user-email] has been authenticated via shibboleth using password-based sword compatibility mode.

      (This essentially means that "ShibAuthentication" hijacks the password authentication by default, and doesn't allow PasswordAuthentication to perform its processing for Special Groups, etc)

      The Shibboleth documentation is also incorrect and misspells this configuration:
      https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins

        Attachments

          Activity

            People

            • Assignee:
              tdonohue Tim Donohue
              Reporter:
              tdonohue Tim Donohue
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: