[
https://jira.duraspace.org/browse/DS-1012?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23759#comment-23759
]
Scott Phillips commented on DS-1012:
------------------------------------
Stuart,
Yikkes, yes. Looks like I forgot the the configuration changes when committing
the patch. Sorry about that, it was developed a while back before configuration
updates.
The documentation for the parameters, which should be backwards compatible? Are
a few comments back (September 6th) they just need to be formatted for the wiki.
I'll get to this in the next day or so. I'm away from the office right now.
Sorry about that.
Scott--
> DSpace Shibboleth authentication module needs to support Lazy Authentication,
> NetID based authentication, and additional EPerson metadata
> -----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DS-1012
> URL: https://jira.duraspace.org/browse/DS-1012
> Project: DSpace
> Issue Type: New Feature
> Components: DSpace API
> Reporter: Scott Phillips
> Assignee: Scott Phillips
> Fix For: 1.8.1, post-1.8.x
>
> Attachments: ShibAuthentication.java, ShibAuthentication.java,
> ShibAuthentication.java, ShibAuthentication.java
>
>
> For a long time the Texas Digital Library has maintain a separate Shibboleth
> Authenticator that we've been using around the state for DSpace repositories
> and Vireo installations. This issue represents the work to migrate those
> custom modifications into the default Shibboleth Authenticator. There three
> key features that this provides for DSpace is:
> 1) Lazy Authentication. Apache no longer needs to protect a special url
> (/shibboleth-login) instead when the user needs to be authenticated DSpace
> assume the responsibility of sending the user to the Shibboleth Initiator.
> This allows for more flexable deployments because you can install any number
> of repositories on a domain without needed to adjust the apache settings for
> which urls are protected. Of course if you don't want to use lazy auth the
> old method still works.
> 2) NetID based identification. Users change their email address and if you're
> doing user lookup based upon email addresses when this happens you'll create
> two seperate user accounts and people will be confused. Since most shibboleth
> IDPs are just an interface over ldap it makes sense to configure shibboleth
> to identify users based upon netids. With Shibboleth 2.x you can also use
> targeted IDs. Of course if you don't want to mess with netids the old way
> still works just fine. There are three ways users are identified NetId,
> Email, and Tomcat Remote User.
> 3) Additional Eperson metadata. The EPerson object has get/setMetadata()
> methods to store additional metadata about a user. This authentication method
> allows you to take shibboleth attributes and store them on the eperson object
> as additional metadata. If you're using Vireo then some of these attributes
> will be used to aid in filling out ETD submission forms. This allows the form
> to be pre-filled with department, graduation semester, user's phone number
> and address. By it's self this feature dosn't do much because no other part
> of DSpace is looking for these metadata fields but it provides the underlying
> infrastructure to support it. Of course if you don't want additional metadat
> it works just fine as well.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
