[
https://jira.duraspace.org/browse/DS-1012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivan Masár updated DS-1012:
---------------------------
Fix Version/s: (was: 1.8.1)
(was: 3.0)
4.0
Labels: has-patch (was: )
> DSpace Shibboleth authentication module needs to support Lazy Authentication,
> NetID based authentication, and additional EPerson metadata
> -----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DS-1012
> URL: https://jira.duraspace.org/browse/DS-1012
> Project: DSpace
> Issue Type: New Feature
> Components: DSpace API
> Reporter: Scott Phillips
> Assignee: Scott Phillips
> Labels: has-patch
> Fix For: 4.0
>
> Attachments: ShibAuthentication.java, ShibAuthentication.java,
> ShibAuthentication.java, ShibAuthentication.java
>
>
> For a long time the Texas Digital Library has maintain a separate Shibboleth
> Authenticator that we've been using around the state for DSpace repositories
> and Vireo installations. This issue represents the work to migrate those
> custom modifications into the default Shibboleth Authenticator. There three
> key features that this provides for DSpace is:
> 1) Lazy Authentication. Apache no longer needs to protect a special url
> (/shibboleth-login) instead when the user needs to be authenticated DSpace
> assume the responsibility of sending the user to the Shibboleth Initiator.
> This allows for more flexable deployments because you can install any number
> of repositories on a domain without needed to adjust the apache settings for
> which urls are protected. Of course if you don't want to use lazy auth the
> old method still works.
> 2) NetID based identification. Users change their email address and if you're
> doing user lookup based upon email addresses when this happens you'll create
> two seperate user accounts and people will be confused. Since most shibboleth
> IDPs are just an interface over ldap it makes sense to configure shibboleth
> to identify users based upon netids. With Shibboleth 2.x you can also use
> targeted IDs. Of course if you don't want to mess with netids the old way
> still works just fine. There are three ways users are identified NetId,
> Email, and Tomcat Remote User.
> 3) Additional Eperson metadata. The EPerson object has get/setMetadata()
> methods to store additional metadata about a user. This authentication method
> allows you to take shibboleth attributes and store them on the eperson object
> as additional metadata. If you're using Vireo then some of these attributes
> will be used to aid in filling out ETD submission forms. This allows the form
> to be pre-filled with department, graduation semester, user's phone number
> and address. By it's self this feature dosn't do much because no other part
> of DSpace is looking for these metadata fields but it provides the underlying
> infrastructure to support it. Of course if you don't want additional metadat
> it works just fine as well.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel
