Introduction

Screenshots

../_images/be_form_typo3_8.png ../_images/be_form_typo3_7.png ../_images/fe_login_link.png

What does it do?

This extension is an authentication extension, which allows to use Shibboleth as login system for FE as well as BE authentication. It requires the mod_shib Apache module installed and configured on the web server. It offers versatile options to handle users being authenticated by Shibboleth.

“The Shibboleth® System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.” (Cited from https://www.internet2.edu/products-services/trust-identity-middleware/shibboleth/).

Getting started

It must be said that setting up Shibboleth is a complex task. This is for two reasons.

  • A number of componentes and systems must be configured to work together.

  • Every organization has it’s own demands and requirements in how to use Shibboleth.

    I know, you are short of time. If you really want to skip from here on, please read at least the Checklists. It will help you save time and avoid serious errors in the configuration. Be aware that defining a wrong login process is almost always a security issue!

    It is your responsiblity to test your configuration to make really sure, no one can login, who should not be allowed to do so!

To get the installation done in a most straight forward way, I recommend to follow these steps:

  • Make sure to fulfill the Prerequisites.
  • You avoid a lot of troubleshooting, if you check your Shibboleth installation by the method described in Checking the installation.
  • As described there, take a copy of the contents of the $_SERVER variable. You will need this later, when defining your login conditions and parameters.
  • Install and activate this extension (Installation)
  • Make sure to create your own “mapping configuration” file, e.g. by taking a copy of the sample file. Never use the sample file directly! (Mapping Configuration File)
  • Change the extension configuration where needed. You will have to at least change the path to the “mapping configuration” file and to switch on FE and/or BE authentication. For FE you additionally have to specify the user storage folder by it’s PID. (see Configuration Options)
  • Be sure to thoroughly think about the correct conditions for letting users in! (see Defining your requirements)
  • Then edit the “configuration mappings” file accrodingly. (see Mapping Configuration File)
  • This is also the right time to go through the Checklists
  • For the frontend, insert the frontend plugin whereever you want it to have.
  • Have a first try! If it fails, refer to Debugging.
  • Finally, test the result thoroughly! Use all types of users that shall be allowed to log in as well as those that must not be allowed to login!