Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-3084

Allow more flexibilty in assigning DSpace groups to Shibboleth affiliations

    Details

    • Attachments:
      0
    • Comments:
      1
    • Documentation Status:
      Needed

      Description

      Currently DSpace requires users to configure whether to ignore scope or value of Shibboleth affiliations in assigning people to DSpace groups.

      There is an improvement in DS-2048 to overcome this limitation by allowing the configuration of a mix of scope and value associations to DSpace groups by automagically trying for the value as well as for the scope. According to the cmment by Hardy Pottinger (26/Oct/14 7:29 PM), that could cause problems in certain situations.

      Here I provide an other approach that hopefully would not break current configurations.

      In case that DSpace Shibboleth authentication is configured not to ignore both value and scope, we should look for special groups' assignment based on the value, then look for special groups based on the scope. These special group assignments should be written as @scope-only.edu, or value-only@.

      I.e.:
      If we have this in config:

      1. Whether to ignore the attribute's scope or value.
        authentication-shibboleth.role-header.ignore-scope = false
        authentication-shibboleth.role-header.ignore-value = false

      having a scoped affiliation received from Shibboleth student@my.scope.edu

      all the following special group assignments are considered if available in the configuration, so the user is added also to Group1, Group2 and Group3
      authentication-shibboleth.role.student@my.scope.edu = Group1
      authentication-shibboleth.role.student@ = Group2
      authentication-shibboleth.role.@my.scope.edu = Group3

      By using the @ sign at the and of the value-only assignment and at the beginning of the scope-only assignment, name collisions will not occure.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jmarton Jozsef Marton
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: