[
http://jira.dspace.org/jira/browse/DS-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=10179#action_10179
]
Mark Diggory commented on DS-48:
--------------------------------
There are two things going on here that I think we should consider.
A.) Non-Implicit Authentication as a Shibboleth User when accessing a protected
resource (much like Password Authentication) requires reentry through
AuthenticationAction or ShibServlet to correctly process the shib user into an
EPerson
B.) Implicit Resolution of Special Groups when a User has Shibboleth headers
present in the request (or Shib groups are in users session) is much like
IPAddressAuthenticator and happens on every request, this can be annoymous.
My repsonse about about AuthenitcateAction is incorrect, in XMLUI
ShibbolethAction is the controller for verifying that the shibboleth return
trip is porcessed correctly. This igves us a chance to manage the lack of an
EPerson differently in this class.
At this point ShibbolethAction, expecting this to be a "non-implicit"
authentication process forces (A) and requires a Context/EPerson as a result.
We've been having authenitcation/authorization discussion in the 2.0 group as
well. There are actually 3 call processes for Authenication/Authorization
1.) Authenticate User Credentials "AuthenticationManager.authenticate"
2.) Get User Groups "AuthenitcationManaer.getSpecialGroups"
3.) Authorize User+Groups "AuthorizationManager.authorize"
AuthenticationMethods mush the first 2 together and make it difficult to
operate them separately. (2) and (3) are used in IP Authenitcation while (1)
returns BAD_ARGS.
We might try altering ShibbolethAction to not require an EPerson if the
configuration allows for annonymous shibboleth authentication, this might be
all thats required to make this work with the XMLUI as well.
> shibboleth+dspace1.5.1 patch - ID: 2412723
> ------------------------------------------
>
> Key: DS-48
> URL: http://jira.dspace.org/jira/browse/DS-48
> Project: DSpace 1.x
> Issue Type: New Feature
> Affects Versions: 1.5.1
> Reporter: Charles Kiplagat
> Assignee: Mark Diggory
> Fix For: 1.5.2
>
> Attachments: shib-dspace3613, shib-dspace3613-new
>
>
> This is the shibboleth patch for dspace1.5.1
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.dspace.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
