pkp / shibboleth Goto Github PK

Seems to be named locale with no extension as usual locale.xml. If it wrong my appreciation, please forget this comment.

See the error that happens under OJS 3.3.0

PHP Fatal error: Declaration of ShibbolethSettingsForm::fetch($request) must be compatible with Form::fetch($request, $template = null, $display = false) in /var/www/html/plugins/generic/shibboleth/ShibbolethSettingsForm.inc.php on line 98

Clicking the enable tickbox brings the message "The plugin "Shibboleth Authentication Plugin" has been enabled." to the screen, but the checkbox isn't checked afterwards and can't be disabled.

Hi everyone,
even though the required status of the LastName field was removed from the SettingsForm, the ShibbolethHandler still treats the LastName as a required property and causes the registration to fail.

Version
OJS: 3.3.0.13
Shibboleth plugin: latest, installed from plugin gallery

In short: the assignment of the email as username will cause the registration to fail, as the character limit for usernames is 32 and only alphanumeric characters are allowed.

Steps to reproduce the issue:
Register a new user by using the Shibboleth Institutional Sign-In.

I confirmed this by assigning a username that fits the criteria $user->setUsername("testuser123");
With this setting the registration works.

Detailed description:
can be found in the PKP forum: https://forum.pkp.sfu.ca/t/fatal-error-on-shibboleth-registration/76215

Hi, I have an 3.3.0.10 installation of OJS, recently i add this plugin but i can't configure it because it shows me a Failed Ajax request or invalid JSON returned.

The log said:

PHP Fatal error: Declaration of ShibbolethSettingsForm::fetch($request) must be compatible with Form::fetch($request, $template = null, $display = false) in /openjs/ojs/plugins/generic/shibboleth/ShibbolethSettingsForm.inc.php on line 98

Could you help me, please??
I have a Redhat 8.7 with apache 2.4.37 and PHP 8.0

Thanks in advance...

The plugin settings should not take effect until it is configured. Currently, if the plugin is enabled, but unconfigured, the system triggers an HTTP redirect loop.

Upon a successful login with Shibboleth, and if the user does not already exist, a new user is created. Among other things, the user's first name and last name are set (with setFirstName and setLastName respectively). However, since pkp-lib's 32d50e1a846d8c9493ec6a1f24661aa0b28371d7 commit, these 2 functions are gone and replaced by (presumably) setGivenName and setFamilyName in the Identity data object. This results in a PHP Fatal error: Uncaught Error: Call to undefined method User::setFirstName(). Would switching setFirstName and setLastName for setGivenName and setFamilyName respectively in ShibbolethHandler.inc.php suffice as a fix?

The plugin doesn't work under OJS 3.3 due to minor issues.

The local "Forgot Password" option redirects to the Shibboleth Sign-In instead of providing the user with a form to reset their password.

Proposed solution:
replace the functions leading to that behaviour with the corresponding functions from the LoginHandler, so that a new password is sent to the user via e-mail.
See Draft-PR #23

Settings should be denoted as required or optional:

Note that surname/family-name should not be required, in favor of only requiring given name:

Context
We have a use case where graduate student workers serve as site admins. We periodically need to add and remove them as site admins using the Shibboleth form setting. We've run into problems disabling these graduate student workers after they graduate and seem to be unable to de-escalate their privileges through the Shibboleth plugin form.

Issue
I believe the issue is caused because the student worker needs to login after we have removed them from the admin list to trigger their removal from the admin group here. Typically this maintenance happens after students have graduated and it isn't practical/possible to have them login again.

Steps to Reproduce

1. Have two accounts that you can login via Shibboleth
2. Set both of those accounts as admins in the Shibboleth settings
3. Have both login to escalate their privileges
4. Remove one of them from the admin users list in Shibboleth plugin settings but do not login with that account
5. With the other admin account, try to edit the account you just removed from the admin list

Proposed solution
Trigger an admin group update for each person in shibbolethAdminUins upon saving the plugin settings form.

Version
OJS: 3.3.0.6
Shibboleth plugin: latest

The user-facing label and description settings should be multilingual:

This will require changes to:

• templates/settingsForm.tpl (collection)
• templates/shibbolethProfile.tpl (display)
• ShibbolethSettingsForm.inc.php (crud)

We're running a test where OJS is behind an Apache reverse proxy and when authenticating with Shibboleth we use the RequestHeader set HEADER value directive to set the appropriate headers which are later read in the plugin as:

$uinHeader = $this->_plugin->getSetting(
    $this->_contextId,
    'shibbolethHeaderUin'
);
...
$_SERVER[$uinHeader]

The problem is that the headers we set are not available in $_SERVER. However, they are available in the Apache-specific getallheaders.

To overcome the problem we've added this snippet to ShibbolethHandler.inc.php at the beginning of shibLogin:

// If we are using Apache let's try and get all the headers and combine
// them in $_SERVER.
if (function_exists("getallheaders")) {
    $_SERVER = array_merge(getallheaders(), $_SERVER);
}

Do you think that would be reasonable to add to the plugin? Do you have any other suggestions? Thanks!