DSpace Shibboleth authentication module needs to support Lazy Authentication, 
NetID based authentication, and additional EPerson metadata
-----------------------------------------------------------------------------------------------------------------------------------------

                 Key: DS-1012
                 URL: https://jira.duraspace.org/browse/DS-1012
             Project: DSpace
          Issue Type: New Feature
          Components: DSpace API
            Reporter: Scott Phillips
            Assignee: Scott Phillips
             Fix For: post-1.8.0


For a long time the Texas Digital Library has maintained a separate Shibboleth 
Authenticator that we've been using around the state for DSpace repositories 
and Vireo installations. This issue represents the work to migrate those custom 
modifications into the default Shibboleth Authenticator. There are three key 
features that this provides for DSpace:

1) Lazy Authentication. Apache no longer needs to protect a special url 
(/shibboleth-login); instead, when the user needs to be authenticated, DSpace 
assumes the responsibility of sending the user to the Shibboleth Initiator. This 
allows for more flexible deployments because you can install any number of 
repositories on a domain without needing to adjust the Apache settings for which 
urls are protected. Of course, if you don't want to use lazy auth, the old method 
still works.

2) NetID based identification. Users change their email address, and if you're 
doing user lookup based upon email addresses, when this happens you'll create 
two separate user accounts and people will be confused. Since most Shibboleth 
IdPs are just an interface over LDAP, it makes sense to configure Shibboleth to 
identify users based upon netids. With Shibboleth 2.x you can also use targeted 
IDs. Of course, if you don't want to mess with netids, the old way still works 
just fine. There are three ways users are identified: NetId, Email, and Tomcat 
Remote User.

3) Additional EPerson metadata. The EPerson object has get/setMetadata() 
methods to store additional metadata about a user. This authentication method 
allows you to take Shibboleth attributes and store them on the EPerson object 
as additional metadata. If you're using Vireo, then some of these attributes 
will be used to aid in filling out ETD submission forms. This allows the form 
to be pre-filled with department, graduation semester, user's phone number and 
address. By itself this feature doesn't do much because no other part of 
DSpace is looking for these metadata fields, but it provides the underlying 
infrastructure to support it. Of course, if you don't want additional metadata, it 
works just fine as well.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
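
Added example, not part of the original message and not DSpace code: a small Java sketch of the account-matching problem described in item 2, showing the same person logging in before and after an email change with and without NetID lookup. The attribute names "netid" and "mail", the in-memory account list, and the NetID, then email, then remote-user precedence are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

public class IdentityLookupDemo {
    // Hypothetical stand-in for a stored user record (not the DSpace EPerson class).
    static final class Account {
        final int id; String netid; String email;
        Account(int id, String netid, String email) { this.id = id; this.netid = netid; this.email = email; }
    }

    final List<Account> accounts = new ArrayList<>();
    final boolean useNetid;   // false models the older email-only lookup

    IdentityLookupDemo(boolean useNetid) { this.useNetid = useNetid; }

    Account find(Predicate<Account> p) {
        return accounts.stream().filter(p).findFirst().orElse(null);
    }

    // Match on NetID, then email, then Tomcat remote user (assumed order);
    // register a new account only when none of the identifiers match.
    Account authenticate(Map<String, String> attrs, String remoteUser) {
        String netid = useNetid ? attrs.get("netid") : null;
        String email = attrs.get("mail");
        Account a = null;
        if (netid != null) a = find(x -> netid.equals(x.netid));
        if (a == null && email != null) a = find(x -> email.equalsIgnoreCase(x.email));
        if (a == null && remoteUser != null) a = find(x -> remoteUser.equals(x.netid));
        if (a == null) {
            a = new Account(accounts.size() + 1, netid != null ? netid : remoteUser, email);
            accounts.add(a);
        } else if (email != null) {
            a.email = email;  // stable identifier matched: refresh the stored address
        }
        return a;
    }

    public static void main(String[] args) {
        for (boolean useNetid : new boolean[] {false, true}) {
            IdentityLookupDemo d = new IdentityLookupDemo(useNetid);
            // Constructed attributes: one person whose address changes between logins.
            Account first = d.authenticate(Map.of("netid", "jdoe1", "mail", "jdoe@old.example.edu"), null);
            Account second = d.authenticate(Map.of("netid", "jdoe1", "mail", "jane.doe@new.example.edu"), null);
            System.out.printf("useNetid=%b accounts=%d sameAccount=%b%n",
                    useNetid, d.accounts.size(), first == second);
        }
    }
}
```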

        
