Skip to content

Open Journal Systems (OJS)

David Beitey edited this page Aug 28, 2020 · 5 revisions

Open Journal Systems (OJS) is an open source software application for managing and publishing scholarly journals. Originally developed and released by PKP in 2001 to improve access to research, it is the most widely used open source journal publishing platform in existence, with over 10,000 journals using it worldwide.

All examples assume you have installed and configured Shibboleth with FastCGI support and have the authorizer and responder operating already with suitable nginx location blocks and have shib_request available.

OJS v3.x

OJS 3 has Shibboleth support but lacks Optional implicit authentication; it is either all or nothing at present.

Document is under development at present.

OJS v2.x

With FastCGI (or other non-HTTP proxy) hosting of our application , we can avoid the need for headers and avoid the possibility of spoofing. Bear in mind this feature requires nginx-http-shibboleth 2.0 or above.

In short, the configuration below sets up one specific endpoint to receive the Shibboleth variables (implicitAuthReturn) and sets OJS up to allow Shibboleth authentication and read a user's data from corresponding environment variables.

nginx.conf

  server {
     # ... other configuration for serving OJS, PHP, etc
     # ... other location blocks for nginx-http-shibboleth as per https://github.com/nginx-shib/nginx-http-shibboleth#configuration

     # Shibboleth authentication end-point for OJS
     location = /index.php/index/login/implicitAuthReturn {
         shib_request /shibauthorizer;
         
         # Add or modify to suit your Shibboleth variable configuration
         # This ensures that ONLY this endpoint receives the variables as FastCGI params
         shib_request_set $shib_givenname $upstream_http_variable_givenname;
         fastcgi_param GIVENNAME $shib_givenname;
         shib_request_set $shib_sn $upstream_http_variable_sn;
         fastcgi_param SN $shib_sn;
         shib_request_set $shib_email $upstream_http_variable_email;
         fastcgi_param EMAIL $shib_email;
         shib_request_set $shib_organizationname $upstream_http_variable_organizationname;
         fastcgi_param ORGANIZATIONNAME $shib_organizationname;

         include conf.d/php-location;
     }
  }

conf.d/php-location for Nginx

fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
    return 404;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param   SCRIPT_FILENAME         $document_root$fastcgi_script_name;
fastcgi_param   PATH_INFO               $fastcgi_path_info;
fastcgi_param   PATH_TRANSLATED         $document_root$fastcgi_path_info;
more_clear_headers 'X-Powered-By';

OJS's config.inc.php

; Is implicit authentication enabled or not
; Optional allows both local login and Shibboleth at the same time
implicit_auth = Optional

; Implicit Auth Header Variables
; Add or adjust configuration for other variables. MUST match Nginx's fastcgi_params
implicit_auth_header_first_name = GIVENNAME
implicit_auth_header_last_name = SN
implicit_auth_header_email = EMAIL
;implicit_auth_header_phone = TELEPHONENUMBER
;implicit_auth_header_initials = METADATA_INITIALS
implicit_auth_header_mailing_address = ORGANIZATIONNAME
implicit_auth_header_uin = EMAIL

; A space delimited list of uins to make admin
implicit_auth_admin_list = "[email protected],[email protected],[email protected]"

; URL of the implicit auth 'Way Finder' page. See pages/login/LoginHandler.inc.php for usage.
implicit_auth_wayf_url = "/Shibboleth.sso/Login"
Clone this wiki locally