![[Show/Hide Left Column]](styles/strasa/pics/icons/oleftcol.png "[Show/Hide Left Column]"){kind=icon}
![[Show/Hide Right Column]](styles/strasa/pics/icons/orightcol.png "[Show/Hide Right Column]"){kind=icon}
To Enable Shibboleth Authentication you will need to Do 2 main Steps.
Shibboleth Step 1: Update the Wiki
To enable Shibboleth authentication within the Wiki goto the Admin page and in dropdown box select Shibboleth
When Selected Goto the bottom to the Shibboleth Seettings.
Below is a table of the options and what they do.
| Property | Description |
| Create user if not in Tiki? | This option Creats a user when the user has logged in using Shibboleth but is not in the Wiki. |
| Just use Tiki auth for admin> | Used to allow admin to login via shibboleth (Not recomended) or just useing the tiki Auth |
| Valid Affiliaitions | A comma seperated list of affiliations wich will allow users to loginto this Wiki. |
| Create with a default group | If selected a default group will be created (If no group is specified a default of Shibboleth will be used) |
| Default Group | the name of the defalt group. If none Shibboleth will be used. |
When the above is completed the wiki is ready to use shibboleth as an authentication source. You will now need to ensure that shibboleth is setup correctly.
Below are the files that were modified to enable Shibboleth Authentication;
- lib/userslib.php
- templates/modules/mod-login_box.tpl
- templates/tiki-admin-include-login.tpl
- tiki-admin_include_login.php
- tiki-setup_base.php
Below is a table of these files and a description of the changes;
| File name | Description |
| userslib.php | This is used to validate a shibboleth user, changes have been made to the validate_user function. |
| tiki-admin-include-login.tpl | This file needs to be changed to display “Login through Shibboleth�? login box when not loged in. |
| tiki-admin-include-login.tpl | This file needs to be changed to display the Shibboleth options in the Login Admin page |
| tiki-admin_include_login.php | This file changes will process the new values in the Login Admin page above. |
| tiki-setup_base.php | This page will need to be changed to ensure the shibboleth user is validated. |
Shibboleth step 2:Update Shibboleth
To enable the wiki to be protected by Shibboleth you will need to add a the following to you apache conf.
<Location /tikiwiki/tiki-login_scr.php>
AuthType shibboleth
ShibRequireSession On
ShibRequireAll On
require valid-user
</Location>
The other thing you will need to do is update your Shibboleth Service Providers AAP (Attribute Assertion Policy) AAP.XML.
Below are the Attributes required by the Tikiwiki Auth and the required Header values;
<AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" Scoped="false" Header="REMOTE_USER">
<AnySite>
<!-- Ensure the value is unscoped so all IDs are unique-->
<Value Type="regexp">.*@.*</Value>
</AnySite>
</AttributeRule>
<AttributeRule Name="urn:mace:dir:attribute-def:mail" Header="MAIL">
<AnySite>
<AnyValue/>
</AnySite>
</AttributeRule>
<AttributeRule Name="urn:mace:dir:attribute-def:eduPersonAffiliation" Header="Shib-EP-UnscopedAffiliation">
<AnySite>
<AnyValue/>
</AnySite>
</AttributeRule>
Contributors to this page: marclaporte
.
Page last modified on Sunday 05 August, 2007 04:30:25 UTC by marclaporte .
Sidebar
Doc Menu
![[toggle]](pics/icons/module.png "[toggle]")
![[toggle]](javascript:icntoggle('mod-DocUserMenul2','module.png'); "[toggle]"){kind=small}
New in version...Featured links
Last changes
Freetags editor
Sidebar
To register
To have an account at this site, please register at Tikiwiki.org
, and then use that user name and password to log in here.
, and then use that user name and password to log in here.Find by Page Name
Powered by TikiWiki CMS/Groupware |
Theme: Strasa
[ Execution time: 0.15 secs ] [ Memory usage: 6.14MB ] [ 94 database queries used in 0.0 secs ] [ Server load: 0.22 ]
Last update from SVN(4.2): Thursday 11 March, 2010 22:34:33 UTC
- REV 26071