LP#1786552: optionally restrict auth_proxy login by home OU
authorJeff Davis <jeff.davis@bc.libraries.coop>
Fri, 8 Feb 2019 21:59:14 +0000 (13:59 -0800)
committerGalen Charlton <gmc@equinoxinitiative.org>
Fri, 6 Sep 2019 21:43:24 +0000 (17:43 -0400)
commitc485b3dcac422ad11e0cdb9d74f674e8c9f9355c
tree13d3cc70a3e2a6bca84350b3727d7a9f75eab9b4
parent3a7ca4a2c6c3d6ea893d13a38179e9b4a26e523a
LP#1786552: optionally restrict auth_proxy login by home OU

This adds a new restrict_by_home_ou setting to auth_proxy authenticator
config.  When enabled, if the login request includes an org param, the
authenticator will refuse to authenticate a user unless their home OU
matches or is a descendant of that org; login fails and auth_proxy
proceeds to the next configured authenticator.

Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Open-ILS/examples/opensrf.xml.example
Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm