Re: [Archivesspace_Users_Group] Help: Does ASpace support Okta/SSO/SAML?

2022-03-14 Thread Blake Carver
 There's a plugin here:
https://github.com/lyrasis/aspace-oauth


From: archivesspace_users_group-boun...@lyralists.lyrasis.org on behalf of Peter Heiner
Sent: Monday, March 14, 2022 11:40 AM
To: Archivesspace Users Group
Subject: Re: [Archivesspace_Users_Group] Help: Does ASpace support Okta/SSO/SAML?

Cambridge University Libraries use the aspace-oauth plugin with the SAML
provider.

We chose SAML over LDAP because our directory doesn't allow anonymous binds
and ArchivesSpace requires a separate bind DN which I was not too keen on
having. SAML was not particularly easy to set up; we've seen some quirks like
it not being able to use our IdP's metadata autoconfiguration and us having to
add config items that would be available from said metadata, but it can be
made to work with some trial and error.

The separate login link in the header that aspace-oauth creates felt pretty
clunky, so we have also modified the main app page in our local plugin to take
the user directly to the SSO login page unless a specific URL parameter is
set.

Sadly, only the database is supported for authorisation, none of those
fancy-schmancy SAML attributes or OAuth2 claim shenanigans from the early 21st
century.

p

Jerry Boggio wrote on 2022-03-14 14:45:01:
> Resubmitting as it appears my original question was kicked back.
>
> Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info 
> Management | 781-271-2719
>
> From: Jerry Boggio 
> Sent: Monday, March 14, 2022 10:28 AM
> To: archivesspace_users_group-requ...@lyralists.lyrasis.org
> Subject: Help: Does ASpace support Okta/SSO/SAML?
>
> Hi Everyone;
>
> Could someone please tell us if ArchivesSpace supports Okta, SSO (Single Sign 
> On), and/or SAML (Security Assertion Markup Language)? Are there other 
> security packages supported other than storing logon ID and password in the 
> MySQL database? If so, could you please pass on documentation?
>
> Thank you!
> Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info 
> Management | 781-271-2719
>

> ___
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group@lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group


Re: [Archivesspace_Users_Group] Help: Does ASpace support Okta/SSO/SAML?

2022-03-14 Thread Peter Heiner
Cambridge University Libraries use the aspace-oauth plugin with the SAML
provider.

We chose SAML over LDAP because our directory doesn't allow anonymous binds
and ArchivesSpace requires a separate bind DN which I was not too keen on
having. SAML was not particularly easy to set up; we've seen some quirks like
it not being able to use our IdP's metadata autoconfiguration and us having to
add config items that would be available from said metadata, but it can be
made to work with some trial and error. 

The separate login link in the header that aspace-oauth creates felt pretty
clunky, so we have also modified the main app page in our local plugin to take
the user directly to the SSO login page unless a specific URL parameter is
set.

Sadly, only the database is supported for authorisation, none of those
fancy-schmancy SAML attributes or OAuth2 claim shenanigans from the early 21st
century.

p

Jerry Boggio wrote on 2022-03-14 14:45:01:
> Resubmitting as it appears my original question was kicked back.
> 
> Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info 
> Management | 781-271-2719
> 
> From: Jerry Boggio 
> Sent: Monday, March 14, 2022 10:28 AM
> To: archivesspace_users_group-requ...@lyralists.lyrasis.org
> Subject: Help: Does ASpace support Okta/SSO/SAML?
> 
> Hi Everyone;
> 
> Could someone please tell us if ArchivesSpace supports Okta, SSO (Single Sign 
> On), and/or SAML (Security Assertion Markup Language)? Are there other 
> security packages supported other than storing logon ID and password in the 
> MySQL database? If so, could you please pass on documentation?
> 
> Thank you!
> Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info 
> Management | 781-271-2719
> 



Re: [Archivesspace_Users_Group] Help: Does ASpace support Okta/SSO/SAML?

2022-03-14 Thread Jerry Boggio
Resubmitting as it appears my original question was kicked back.

Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info 
Management | 781-271-2719

From: Jerry Boggio 
Sent: Monday, March 14, 2022 10:28 AM
To: archivesspace_users_group-requ...@lyralists.lyrasis.org
Subject: Help: Does ASpace support Okta/SSO/SAML?

Hi Everyone;

Could someone please tell us if ArchivesSpace supports Okta, SSO (Single Sign 
On), and/or SAML (Security Assertion Markup Language)? Are there other security 
packages supported other than storing logon ID and password in the MySQL 
database? If so, could you please pass on documentation?

Thank you!
Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info 
Management | 781-271-2719
