[
https://jira.duraspace.org/browse/DS-1012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Donohue updated DS-1012:
----------------------------
Fix Version/s: (was: 1.8.1)
1.8.2
> DSpace Shibboleth authentication module needs to support Lazy Authentication,
> NetID based authentication, and additional EPerson metadata
> -----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DS-1012
> URL: https://jira.duraspace.org/browse/DS-1012
> Project: DSpace
> Issue Type: New Feature
> Components: DSpace API
> Reporter: Scott Phillips
> Assignee: Scott Phillips
> Labels: has-patch
> Fix For: 1.8.2, 3.0
>
> Attachments: ShibAuthentication.java, ShibAuthentication.java,
> ShibAuthentication.java, ShibAuthentication.java
>
>
> For a long time the Texas Digital Library has maintain a separate Shibboleth
> Authenticator that we've been using around the state for DSpace repositories
> and Vireo installations. This issue represents the work to migrate those
> custom modifications into the default Shibboleth Authenticator. There three
> key features that this provides for DSpace is:
> 1) Lazy Authentication. Apache no longer needs to protect a special url
> (/shibboleth-login) instead when the user needs to be authenticated DSpace
> assume the responsibility of sending the user to the Shibboleth Initiator.
> This allows for more flexable deployments because you can install any number
> of repositories on a domain without needed to adjust the apache settings for
> which urls are protected. Of course if you don't want to use lazy auth the
> old method still works.
> 2) NetID based identification. Users change their email address and if you're
> doing user lookup based upon email addresses when this happens you'll create
> two seperate user accounts and people will be confused. Since most shibboleth
> IDPs are just an interface over ldap it makes sense to configure shibboleth
> to identify users based upon netids. With Shibboleth 2.x you can also use
> targeted IDs. Of course if you don't want to mess with netids the old way
> still works just fine. There are three ways users are identified NetId,
> Email, and Tomcat Remote User.
> 3) Additional Eperson metadata. The EPerson object has get/setMetadata()
> methods to store additional metadata about a user. This authentication method
> allows you to take shibboleth attributes and store them on the eperson object
> as additional metadata. If you're using Vireo then some of these attributes
> will be used to aid in filling out ETD submission forms. This allows the form
> to be pre-filled with department, graduation semester, user's phone number
> and address. By it's self this feature dosn't do much because no other part
> of DSpace is looking for these metadata fields but it provides the underlying
> infrastructure to support it. Of course if you don't want additional metadat
> it works just fine as well.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
