We’re everywhere!
Well, the good news is that I’ve reproduced your error when testing OIDC on the master code branch. But the bad news is that I’ve reproduced your error when testing OIDC on the master code branch. I haven’t tested the Shibboleth integration yet as it’s more work to set up, but it could be related. The OIDC is working fine in 22.11.03, so it looks like it was broken between 22.11 and 23.05. I’ll look at fixing this one. (Authentication is a special interest of mine, so I’m usually a good person to ask about these things.) But if you can check the Koha logs for anything obvious for your Shibboleth issue in the meantime – that would be helpful. David Cook Senior Software Engineer Prosentient Systems Suite 7.03 6a Glen St Milsons Point NSW 2061 Australia Office: 02 9212 0899 Online: 02 8005 0595 From: Justin Dowswell <justin.dowsw...@tenantsunion.org.au> Sent: Friday, 30 June 2023 11:02 AM To: David Cook <dc...@prosentient.com.au> Cc: koha@lists.katipo.co.nz Subject: Re: [Koha] SSO Shibboleth & oauth issues Hey David, It's good to know there is a Koha community active so close to us! Great. So we're running 23.05 on Debian Bullseye installed using apt. I'll have a look through Koha's logs. We're using OAuth as an alternative, using the same IdP. Justin Dowswell Technology Coordinator Tenants' Union of NSW 02 8117 3721 On Fri, 30 Jun 2023 at 09:46, David Cook <dc...@prosentient.com.au <mailto:dc...@prosentient.com.au> > wrote: Hey Justin, Sorry to hear you're having issues, but great to see another organisation in NSW using Koha! Let's see if we can help you sort out this issue. What version of Koha are you running, how did you install it, and on which Linux distro? With the Shibboleth, you'll want to look at your Koha logs. With the other auth, are you using OAuth or OIDC? David Cook Senior Software Engineer Prosentient Systems Suite 7.03 6a Glen St Milsons Point NSW 2061 Australia Office: 02 9212 0899 Online: 02 8005 0595 -----Original Message----- Date: Wed, 28 Jun 2023 23:49:06 +1000 From: Justin Dowswell <justin.dowsw...@tenantsunion.org.au <mailto:justin.dowsw...@tenantsunion.org.au> > To: koha@lists.katipo.co.nz <mailto:koha@lists.katipo.co.nz> Subject: [Koha] SSO Shibboleth & oauth issues Message-ID: <cagzh+upebxvz2asoxmyyxhbctmy3mylh3ubpfvyqyzcrcqh...@mail.gmail.com <mailto:cagzh%2bupebxvz2asoxmyyxhbctmy3mylh3ubpfvyqyzcrcqh...@mail.gmail.com> > Content-Type: text/plain; charset="UTF-8" Hey everyone, I am Justin from the Tenants’ Union of NSW. Lovely to meet you all, albeit in an archaic manner. There is a Koha issue I am having trouble resolving… It’s a strange issue with Shibboleth and now I think the same issue displayed differently with oauth (that I wanted to implement as an alternative), both using the same IdP, and definitely isolated to Koha and/or the server running it. I believe it’s a caching issue of some sort… When I get redirected back to Koha after a successful login with Shibboleth, I get a HTTP 500 error, with this console output, unsure if actually related or not: (index):6577 crbug/1173575, non-JS module files deprecated. (anonymous) @ (index):6577 Refreshing the page redirects once again with a successful login. Oauth has a similar issue. I am redirected back to Koha after a successful login with the identity provider and I am greeted with an error message: > There was an error authenticating to external identity provider: > wrong_csrf_token Refreshing doesn't fix it but clicking the IdP login link again redirects back with a successful login and token. My theory is the redirect is happening too quickly before the token is actually retrieved. I've looked in Shibboleth's logs and have yet to see anything obvious. Thanks in advance, Justin Dowswell -- *The Tenants’ Union of NSW recognises that Aboriginal and Torres Strait Islander peoples are the First Peoples of Australia. Our office is on the lands of the Gadigal of the Eora Nation. We are committed to respecting Aboriginal and Torres Strait Islander peoples, cultures, lands, and histories as we battle for tenants’ rights in NSW. Read our full Acknowledgement of Country <https://www.tenants.org.au/tu/acknowledgement-country>.* <https://www.tenants.org.au/> tenants.org.au <http://tenants.org.au> <https://www.tenants.org.au/> <https://rentingfair.org.au> <https://www.facebook.com/TUNSW/> <https://twitter.com/TUNSW> <https://www.youtube.com/channel/UCEkW8D86OVVAV0QedKFhl9w> This email transmission is intended only for the addressee and may contain confidential or privileged information. Confidentiality and privilege are not waived if you are not the intended recipient of the email, nor may you use, review, disclose, disseminate or copy any information contained or attached to it. If you received this email in error please delete it and any attachments and notify us immediately by return email. Tenants' Union of NSW can only provide information and advice in the New South Wales and Commonwealth jurisdictions. If you are enquiring from another state or territory please contact your local community legal centre. The Tenants’ Union of NSW recognises that Aboriginal and Torres Strait Islander peoples are the First Peoples of Australia. Our office is on the lands of the Gadigal of the Eora Nation. We are committed to respecting Aboriginal and Torres Strait Islander peoples, cultures, lands, and histories as we battle for tenants’ rights in NSW. Read our full Acknowledgement of Country <https://www.tenants.org.au/tu/acknowledgement-country> . <https://www.tenants.org.au/> tenants.org.au <https://www.tenants.org.au/> <https://rentingfair.org.au/> <https://www.facebook.com/TUNSW/> <https://twitter.com/TUNSW> <https://www.youtube.com/channel/UCEkW8D86OVVAV0QedKFhl9w> _____ This email transmission is intended only for the addressee and may contain confidential or privileged information. Confidentiality and privilege are not waived if you are not the intended recipient of the email, nor may you use, review, disclose, disseminate or copy any information contained or attached to it. If you received this email in error please delete it and any attachments and notify us immediately by return email. Tenants' Union of NSW can only provide information and advice in the New South Wales and Commonwealth jurisdictions. If you are enquiring from another state or territory please contact your local community legal centre. _____ _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
