[ https://jira.duraspace.org/browse/DS-1012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Phillips updated DS-1012:
-------------------------------
Attachment: ShibAuthentication.java
Here is the latest version; this has been tested at TAMU.
> DSpace Shibboleth authentication module needs to support Lazy Authentication,
> NetID based authentication, and additional EPerson metadata
> -----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DS-1012
> URL: https://jira.duraspace.org/browse/DS-1012
> Project: DSpace
> Issue Type: New Feature
> Components: DSpace API
> Reporter: Scott Phillips
> Assignee: Scott Phillips
> Fix For: post-1.8.0
>
> Attachments: ShibAuthentication.java, ShibAuthentication.java
>
>
> For a long time the Texas Digital Library has maintained a separate Shibboleth
> Authenticator that we've been using around the state for DSpace repositories
> and Vireo installations. This issue represents the work to migrate those
> custom modifications into the default Shibboleth Authenticator. The three
> key features that this provides for DSpace are:
> 1) Lazy Authentication. Apache no longer needs to protect a special URL
> (/shibboleth-login); instead, when the user needs to be authenticated, DSpace
> assumes the responsibility of sending the user to the Shibboleth Initiator.
> This allows for more flexible deployments because you can install any number
> of repositories on a domain without needing to adjust the Apache settings for
> which URLs are protected. Of course, if you don't want to use lazy auth, the
> old method still works.
> 2) NetID based identification. Users change their email addresses, and if you're
> doing user lookup based upon email addresses, when this happens you'll create
> two separate user accounts and people will be confused. Since most Shibboleth
> IDPs are just an interface over LDAP, it makes sense to configure Shibboleth
> to identify users based upon NetIDs. With Shibboleth 2.x you can also use
> targeted IDs. Of course, if you don't want to mess with NetIDs, the old way
> still works just fine. There are three ways users are identified: NetID,
> Email, and Tomcat Remote User.
> 3) Additional EPerson metadata. The EPerson object has get/setMetadata()
> methods to store additional metadata about a user. This authentication method
> allows you to take Shibboleth attributes and store them on the EPerson object
> as additional metadata. If you're using Vireo, then some of these attributes
> will be used to aid in filling out ETD submission forms. This allows the form
> to be pre-filled with department, graduation semester, user's phone number
> and address. By itself this feature doesn't do much because no other part
> of DSpace is looking for these metadata fields, but it provides the underlying
> infrastructure to support it. Of course, if you don't want additional metadata,
> it works just fine as well.
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
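
The duplicate-account problem described under feature 2, as an added example that is not part of the original message and is not code from the attached ShibAuthentication.java. It narrows the case to NetID versus email lookup; the in-memory account list, the auto-registration on first login, the class and method names, and the sample values are all assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not DSpace code: an in-memory stand-in for the EPerson table.
public class NetIdLookupDemo {
    static final class Account {
        final String netid;
        String email;
        Account(String netid, String email) { this.netid = netid; this.email = email; }
    }

    private final List<Account> accounts = new ArrayList<>();
    private final boolean useNetId;

    NetIdLookupDemo(boolean useNetId) { this.useNetId = useNetId; }

    // One login, given the attributes the IdP asserted for the user.
    Account login(String netid, String email) {
        Account found = null;
        for (Account a : accounts) {
            boolean match = useNetId ? netid.equals(a.netid)
                                     : email.equalsIgnoreCase(a.email);
            if (match) { found = a; break; }
        }
        if (found == null) {
            // Assumption: an unknown user is auto-registered on first login.
            found = new Account(netid, email);
            accounts.add(found);
        } else {
            // The lookup key matched, so refresh the attribute that can change.
            found.email = email;
        }
        return found;
    }

    // Same person logs in before and after an address change (constructed values).
    static int accountsAfterEmailChange(boolean useNetId) {
        NetIdLookupDemo repo = new NetIdLookupDemo(useNetId);
        repo.login("jdoe", "jdoe@old.example.edu");
        repo.login("jdoe", "jane.doe@new.example.edu");
        return repo.accounts.size();
    }

    public static void main(String[] args) {
        System.out.println("email lookup: " + accountsAfterEmailChange(false) + " account(s)");
        System.out.println("netid lookup: " + accountsAfterEmailChange(true) + " account(s)");
    }
}
```

With email as the lookup key the second login misses the existing record and a second account is created, so group memberships and submissions stay attached to the old one; with the NetID as the key the same record is found and only its email is updated.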