
Ilios v3 and Shibboleth Authentication

Stefan Topfstedt edited this page Jun 10, 2016 · 6 revisions

Ilios makes a few assumptions regarding the Shibboleth implementation that need to be met in order for it to work out of the box.
As of version 3.13, these defaults can be overridden via config options in your installation's parameters.yml file.

  1. Ilios expects the IdP to assert eppn as the user-identifying attribute in authenticated user sessions. This attribute can be changed by overriding the shibboleth_authentication_user_id_attribute configuration parameter.
    ACHTUNG! Mapping to an attribute other than eppn risks authenticating users with identities that are not guaranteed to be unique across campuses. This makes it difficult (maybe impossible) to hook up an Ilios instance to a federation like InCommon without first remapping all existing users.

  2. By default, Ilios will assume your SP's log-in page to be located at /Shibboleth.sso/Login. Logging out of Ilios will land the user at the /Shibboleth.sso/Logout path on the SP.
    Both paths can be overridden via the shibboleth_authentication_login_path and shibboleth_authentication_logout_path parameters.
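
The uniqueness warning in item 1 can be checked against real data before changing shibboleth_authentication_user_id_attribute. The following is an added example, not part of Ilios: it takes attribute sets as released by several IdPs and reports identifier values that more than one IdP asserts. The sample sessions, the entity IDs and the use of `uid` as the alternative attribute are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: attributes released to the SP by two campus IdPs.
# Entity IDs and values are made up; "uid" stands in for any locally
# assigned, unscoped attribute a site might map to instead of eppn.
SAMPLE_SESSIONS = [
    {"idp": "https://idp.campus-a.example/shibboleth",
     "eppn": "jsmith@campus-a.example", "uid": "jsmith"},
    {"idp": "https://idp.campus-b.example/shibboleth",
     "eppn": "jsmith@campus-b.example", "uid": "jsmith"},
    {"idp": "https://idp.campus-a.example/shibboleth",
     "eppn": "mlee@campus-a.example", "uid": "mlee"},
    # Repeat login by the same campus-a user: must not count as a collision.
    {"idp": "https://idp.campus-a.example/shibboleth",
     "eppn": "jsmith@campus-a.example", "uid": "jsmith"},
]


def cross_idp_collisions(sessions, attribute):
    """Map each attribute value asserted by more than one IdP to those IdPs."""
    seen = defaultdict(set)
    for session in sessions:
        value = (session.get(attribute) or "").strip()
        if value:  # ignore sessions where the attribute was not released
            seen[value].add(session["idp"])
    return {v: sorted(idps) for v, idps in seen.items() if len(idps) > 1}


def unscoped_values(sessions, attribute):
    """Return values that lack the user@scope form that eppn values have."""
    found = set()
    for session in sessions:
        value = (session.get(attribute) or "").strip()
        local, sep, scope = value.partition("@")
        if value and not (local and sep and scope):
            found.add(value)
    return sorted(found)


if __name__ == "__main__":
    for attr in ("eppn", "uid"):
        print(attr, "collisions:", cross_idp_collisions(SAMPLE_SESSIONS, attr))
        print(attr, "unscoped:", unscoped_values(SAMPLE_SESSIONS, attr))
```

Any value reported by `cross_idp_collisions` would resolve to a single account once the instance accepts logins from both IdPs, so those users need remapping before federation.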

Resources