Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-2483

sword.compatability configuration misspelled in authentication-shibboleth.cfg

    XMLWordPrintable

    Details

    • Attachments:
      0
    • Comments:
      3
    • Documentation Status:
      Not Required

      Description

      In the "authentication-shibboleth.cfg" the configuration "sword.compatability" is misspelled, and therefore doesn't work.

      https://github.com/DSpace/DSpace/blob/master/dspace/config/modules/authentication-shibboleth.cfg#L104

      It should instead be: "sword.compatibility" , as that is the name of the Configuration that the ShibAuthentication class actually looks for:
      https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java#L170

      Because of this misspelling, "sword.compatibility" is always enabled with Shibboleth, despite the config file implying that it is disabled by default.

      This means that if you have both Shibboleth and Password authentication enabled, if Shibboleth is listed first, it will be used instead of Password authentication, and you'll see messages like this one in your log files:

      org.dspace.authenticate.ShibAuthentication @ [user-email] has been authenticated via shibboleth using password-based sword compatibility mode.

      (This essentially means that "ShibAuthentication" hijacks the password authentication by default, and doesn't allow PasswordAuthentication to perform its processing for Special Groups, etc)

      The Shibboleth documentation is also incorrect and misspells this configuration:
      https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins

        Attachments

          Activity

            People

            Assignee:
            tdonohue Tim Donohue
            Reporter:
            tdonohue Tim Donohue
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: