1 package C4::Auth_with_Shibboleth;
3 # Copyright 2011 BibLibre
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it under the
8 # terms of the GNU General Public License as published by the Free Software
9 # Foundation; either version 2 of the License, or (at your option) any later
12 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
13 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
14 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License along
17 # with Koha; if not, write to the Free Software Foundation, Inc.,
18 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug);
32 $VERSION = 3.03; # set the version for version checking
35 @EXPORT = qw(logout_shib login_shib_url checkpw_shib get_login_shib);
37 my $context = C4::Context->new() or die 'C4::Context->new failed';
38 my $protocol = "https://";
40 # Logout from Shibboleth
43 my $uri = $protocol . C4::Context->preference('OPACBaseURL');
44 print $query->redirect( $uri . "/Shibboleth.sso/Logout?return=$uri" );
47 # Returns Shibboleth login URL with callback to the requesting URL
51 my $param = $protocol . C4::Context->preference('OPACBaseURL') . $query->script_name();
52 if ( $query->query_string() ) {
53 $param = $param . '%3F' . $query->query_string();
55 my $uri = $protocol . C4::Context->preference('OPACBaseURL') . "/Shibboleth.sso/Login?target=$param";
59 # Returns shibboleth user login
62 # In case of a Shibboleth authentication, we expect a shibboleth user attribute (defined in the shibbolethLoginAttribute)
63 # to contain the login of the shibboleth-authenticated user
65 # Shibboleth attributes are mapped into http environmement variables,
66 # so we're getting the login of the user this way
68 my $shib = C4::Context->config('shibboleth') or croak 'No <shibboleth> in koha-conf.xml';
70 my $shibbolethLoginAttribute = $shib->{'userid'};
71 $debug and warn "shibboleth->userid value: $shibbolethLoginAttribute";
72 $debug and warn "$shibbolethLoginAttribute value: " . $ENV{$shibbolethLoginAttribute};
74 return $ENV{$shibbolethLoginAttribute} || '';
77 # Checks for password correctness
78 # In our case : does the given username matches one of our users ?
80 $debug and warn "checkpw_shib";
82 my ( $dbh, $userid ) = @_;
84 $debug and warn "User Shibboleth-authenticated as: $userid";
86 my $shib = C4::Context->config('shibboleth') or croak 'No <shibboleth> in koha-conf.xml';
88 # Does it match one of our users ?
89 my $sth = $dbh->prepare("select cardnumber from borrowers where userid=?");
90 $sth->execute($userid);
92 $retnumber = $sth->fetchrow;
93 return ( 1, $retnumber, $userid );
95 $sth = $dbh->prepare("select userid from borrowers where cardnumber=?");
96 $sth->execute($userid);
98 $retnumber = $sth->fetchrow;
99 return ( 1, $retnumber, $userid );
102 # If we reach this point, the user is not a valid koha user
103 $debug and warn "User $userid is not a valid Koha user";