EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #04220


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

[EP-tech] Re: Shibboleth/SAML and ePrints 3.3.x


I use eprints in reverse proxy through a load-balancer for some time
To use this configurazione you must:
  - set: $c->{ignore_login_ip} = 1;
    in cfg/cfg.d/misc.pl (so cookie don't use the ip)
  - set $c->{host} and $c->{securehost} in cfg/cfg.d/10_core.pl like
your apache virtual host on reverse site (the public name)
    in this case there is a warning in the error log when start apache
  - if you want to have the log of internal apache with real ip then you
should
     - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b
\"%{Referer}i\" \"%{User-Agent}i\"" proxy
     - CustomLog /var/log/apache/access_log_real proxy

Il 12/05/2015 10:35, Yuri ha scritto:
> great work!
>
> Note: if Eprints can be run behind a reverse proxy, you just need the 
> rev proxy to support shibboleth and jump directly to the Eprints config 
> (no apache config)
>
> Question: Can eprints be run under a reverse proxy?
>
> I've a central apache with shibboleth, and I would like to use it to rev 
> proxy eprints.
>
> Il 11/05/2015 19:14, David R Newman ha scritto:
>> Hi Matt,
>>
>> I know your original query was some time ago you asked but it took a
>> while to get round to having time to do a Shibboleth setup on a recent
>> OS (in this case CentOS 7) and then to write up some comprehensive and
>> hopefully clear instructions.  Anyway, they are now available at:
>>
>> http://wiki.eprints.org/w/Shibboleth
>>
>> I will admit the instructions are quite long-winded, as there are quite
>> a number of steps to install and the configure Shibboleth, before you
>> even get onto configuring EPrints and Apache.  However, a lot of the
>> stuff on this page is example configuration, which maybe makes the
>> amount of work look more than it is.
>>
>> Any feedback and/or suggested amendments to the wiki page would be
>> appreciated.  I am sure the way I have explained one or two things might
>> need some clarification.
>>
>> I am not adverse to the suggestion of making the "Configuring Apache and
>> EPrints" stage into a Bazaar package but there is no way of automating
>> the "Installing Shibboleth" and "Configuring Shibboleth" stages, as
>> these will vary between operating systems and require adding/modifying
>> files outside the EPrints scope.  I do not have the time at present to
>> write such a Shibboleth EPrints Bazaar package but if someone else is
>> keen, do not let me stop you.
>>
>> Regards
>>
>> David Newman
>>
>>
>>
>> On Wed, 2015-04-22 at 23:34 +0000, Matthew Brady wrote:
>>> Hi Alen, Thanks for the pointers..  I will have a read through your links and see what I can come up with and get working...
>>> Hi David,  running on RH6, and we are aiming to have this running as SSO for current authenticated users, and then fall back to the usual login screen if the SSO fails (e.g for internal eprint accounts)
>>>
>>> Thanks for the guidance.
>>>
>>> Matt
>>>
>>>
>>> -----Original Message-----
>>> From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of alen vodopijevec
>>> Sent: Wednesday, 22 April 2015 5:51 PM
>>> To: eprints-tech@ecs.soton.ac.uk
>>> Subject: [EP-tech] Re: Shibboleth/SAML and ePrints 3.3.x
>>>
>>> Hi!
>>>
>>> I have got it working 2 years ago and describe it here:
>>> https://github.com/alenkovich/Eprints-AAI-EduHr-Auth
>>>
>>> Currently I will have to implement it again on 3.3.13 but I'm looking into using mod_auth_mellon instead od auth_memcookie
>>>
>>> https://github.com/UNINETT/mod_auth_mellon
>>>
>>> Hope it helps..
>>>
>>> Regards,
>>> alen
>>>
>>>
>>>
>>> On 04/22/2015 01:40 AM, Matthew Brady wrote:
>>>> Hi All,
>>>>
>>>> I am looking at implementing Shibboleth/SAML in our version of ePrints.
>>>> Just wondering if anyone has done this for the 3.3.x versions, as the
>>>> only documentation I can find is from 2009, and I think goes back to
>>>> about 2.3.x.
>>>>
>>>> Any help/doco/instructions a little more recent would be most appreciated.
>>>>
>>>> Cheers
>>>>
>>>> Matt.
>>>>
>>>> *Matt Brady *
>>>>
>>>> University of Southern Queensland
>>>>
>>>> Toowoomba | Queensland | 4350 | Australia
>>>>
>>>> _____________________________________________________________
>>>> This email (including any attached files) is confidential and is for the intended recipient(s) only. If you received this email by mistake, please, as a courtesy, tell the sender, then delete this email.
>>>>
>>>> The views and opinions are the originator's and do not necessarily reflect those of the University of Southern Queensland. Although all reasonable precautions were taken to ensure that this email contained no viruses at the time it was sent we accept no liability for any losses arising from its receipt.
>>>>
>>>> The University of Southern Queensland is a registered provider of education with the Australian Government.
>>>> (CRICOS Institution Code QLD 00244B / NSW 02225M, TEQSA PRV12081 )
>>>>
>>>>
>>>>
>>>> *** Options:
>>>> http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>>>> *** Archive: http://www.eprints.org/tech.php/
>>>> *** EPrints community wiki: http://wiki.eprints.org/
>>>> *** EPrints developers Forum: http://forum.eprints.org/
>>>>
>>> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>>> *** Archive: http://www.eprints.org/tech.php/
>>> *** EPrints community wiki: http://wiki.eprints.org/
>>> *** EPrints developers Forum: http://forum.eprints.org/
>>>
>>>
>>> _____________________________________________________________
>>> This email (including any attached files) is confidential and is for the intended recipient(s) only. If you received this email by mistake, please, as a courtesy, tell the sender, then delete this email.
>>>
>>> The views and opinions are the originator's and do not necessarily reflect those of the University of Southern Queensland. Although all reasonable precautions were taken to ensure that this email contained no viruses at the time it was sent we accept no liability for any losses arising from its receipt.
>>>
>>> The University of Southern Queensland is a registered provider of education with the Australian Government.
>>> (CRICOS Institution Code QLD 00244B / NSW 02225M, TEQSA PRV12081 )
>>>
>>>
>>> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>>> *** Archive: http://www.eprints.org/tech.php/
>>> *** EPrints community wiki: http://wiki.eprints.org/
>>> *** EPrints developers Forum: http://forum.eprints.org/
>> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>> *** Archive: http://www.eprints.org/tech.php/
>> *** EPrints community wiki: http://wiki.eprints.org/
>> *** EPrints developers Forum: http://forum.eprints.org/
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/
> *** EPrints developers Forum: http://forum.eprints.org/