Hi,

I have been thinking of this problem in the context of my own repository.

This approach will work in theory, but it is cumbersome. I do not know of any other approaches that are guaranteed to work.

Have some database, storing usernames, passwords, and user-roles. Doesn't have to be advanced at all, hell, it could be a memory based database fronted by a simple webservice.

Have fedora authenticate against this database. This will probably require you to write a simple filter, or whatever is used for that.

When the webapp retrieves the SAML credentials, it should store them in the database, with a random password. Then, when calling fedora, it sends along the username, and the random password. Fedora then authenticates the user, as you have just created him in the database. The user gets the correct user-roles in fedora, and everything works. Then, when the fedora call is over, the webapp purges the user from the database again.

Simple and cumbersome

Regards

On Thu, 2010-07-22 at 20:28 +0200, Steve Barr wrote:
> Hello:
>
> I've been looking at the doc and code, and have some questions.
>
> We have a web app which makes WS calls to Fedora. I have set up
> Shibboleth AuthN with the campus IdP. This gives me SAML credentials
> from which I can extract the authenticated user (and hopefully groups
> from our Grouper install at some point). I'm a little unclear on how
> to transfer this information into Fedora so that I can have it
> available to FeSL policies and rules.
>
> This page mentions one way to pass information in; does this work in
> Fedora 3.3?
> https://wiki.duraspace.org/display/FCR30/Authentication+and+User+Attributes
>
> Have I missed a better way? I have the user and the user's roles in
> my web app. When I make a WS call on Fedora, I would like to pass
> that information in for access control decisions.
>
> Thanks,
>
> Steve

_______________________________________________
Fedora-commons-developers mailing list
https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
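The create, call, purge sequence described in the reply above, as an added Python sketch that is not part of the original thread or of Fedora's code. `EphemeralUserStore`, `temporary_login` and the 30-second expiry are hypothetical names and choices, and the in-memory store stands in for the shared user database; entries also expire, so an account left behind by a crashed webapp stops authenticating.

```python
import hashlib
import hmac
import secrets
import time
from contextlib import contextmanager


class EphemeralUserStore:
    """In-memory stand-in (assumption) for the database the webapp and the repository filter share."""

    def __init__(self, ttl_seconds=30):
        self.ttl = ttl_seconds
        self._users = {}  # username -> (salt, digest, roles, expires_at)

    @staticmethod
    def _digest(salt, password):
        # The password is a 256-bit random token, so a salted SHA-256 is enough here.
        return hashlib.sha256(salt + password.encode()).digest()

    def create(self, username, roles, now=None):
        now = time.time() if now is None else now
        password = secrets.token_urlsafe(32)  # CSPRNG, new for every call
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._digest(salt, password),
                                 frozenset(roles), now + self.ttl)
        return password

    def authenticate(self, username, password, now=None):
        """What the repository-side filter would call: returns the roles, or None."""
        now = time.time() if now is None else now
        entry = self._users.get(username)
        if entry is None:
            return None
        salt, digest, roles, expires_at = entry
        if now >= expires_at:  # webapp never purged: fail closed and clean up
            self.purge(username)
            return None
        if not hmac.compare_digest(digest, self._digest(salt, password)):
            return None
        return roles

    def purge(self, username):
        self._users.pop(username, None)


@contextmanager
def temporary_login(store, username, roles):
    """Create the user, hand back credentials for one call, always purge afterwards."""
    password = store.create(username, roles)
    try:
        yield username, password
    finally:
        store.purge(username)  # runs even if the repository call raises
```

Concurrent calls for the same user would overwrite each other's entry in this sketch, so a real deployment would key entries per call rather than by bare username.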
