[librecat-dev] librecat sso module

Nicolas Franck Nicolas.Franck at UGent.be
Wed Feb 14 16:44:09 CET 2018

Hi Jonathan,

Yes I am, and for the moment I am the only person working on this project.
It requires some review, which hasn't been done yet. I'm also on the librecat email list.
So feel free to post questions there about this module.

This functionality is not functional yet in the main repo "LibreCat".
A few months ago they asked me to write functionality for single-sign-on authentication.
First I added some packages to the repo "LibreCat", but soon I realized that the functionality could
be reused, and I created the repo "LibreCat-Auth-SSO". That's why you would see
packages like LibreCat::Auth::SSO in the main librecat repo. But those are old, and
should be removed once the code from LibreCat-Auth-SSO is posted on CPAN.

But as I said, it needs some review, in my opinion.
Have you tried the examples (see README below)? Those explain how it works.

What should happen:

* someone should review the current repo LibreCat-Auth-SSO
* the repo should be posted on CPAN
* the repo should be added to cpanfile of librecat
* extra routes should be added to librecat for authentication and authorization for every single-sign-on type (from config?)

The simplest part is the authentication: the repo already provides plack applications for those.
The authorization has to be done by a route of the application itself, that knows how to translate
an authenticated user into a session.

So I haven't tried LibreCat with Shibboleth. But I did manage to setup an example
plack application with shibboleth. For an example see the perl documentation
in Plack::Auth::SSO::Shibboleth ( starting at "GLOBAL SETUP" ).

As the documentation explains, this module does not do the actual authentication:
the authentication is done by the shibboleth provider from apache. The shibboleth provides
sents the attributes to the backend application either by header (default) or by parameter.

So a plack application can only use shibboleth when used a backend application behind apache.

> On 14 Feb 2018, at 16:09, Jonathan NORRIS <jnorris at ist.ac.at> wrote:
> Hello Nicolas,
> Are you the same Nicolas Franck who wrote this SSO module for LibreCat? https://github.com/LibreCat/LibreCat-Auth-SSO
> If so I was wondering if you would be willing to help me integrate this module into my LibreCat setup so I can use Shibboleth for authentication.
> First I have a couple of questions:
> - Have you every configured LibreCat to use the SSO module with Shibboleth?
> - Are you the only person to have worked on this module or have the other LibreCat developers also worked on it?
> - Are you on the LibreCat dev mailing list, and would my queries about this module be best posted to this mailing list?
> I am a developer working for the Institute of Science and Technology Austria and am trying to configure LibreCat for our needs. So any help is greatly appreciate by me and the institute :)
> Thanks,
> Jonathan
> IST Austria

More information about the librecat-dev mailing list