Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-1503

ShibAuthentication depends on use of non-recommended Apache UseHeaders setting

    XMLWordPrintable

    Details

    • Attachments:
      0
    • Comments:
      10
    • Documentation Status:
      In Comments

      Description

      ShibAuthentication has a method findHeader that checks the request header for an attribute (like mail address, first name, last name). Pulling attributes from the header is not recommended per Shibboleth documentation and is not the default:

      ShibUseHeaders On|Off

      Defaults to "Off", this turns on the use of request headers to publish attributes to applications. Use of this option should be avoided. Be sure to review the topic on spoof checking if you enable it. (https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig)

      By default, the attribute values are only available via getAttribute()

        Attachments

          Activity

            People

            Assignee:
            hardyoyo Hardy Pottinger
            Reporter:
            ottenhoffs Samuel Ottenhoff
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: