[Archivesspace_Users_Group] New Single Sign On Plugin released
Ryan Rotter
rrotter at umich.edu
Tue Sep 29 17:38:00 EDT 2015
Shib is rapidly becoming the de-facto standard and if ASpace ever added
native support for Shib I'd consider using it, but from where I sit it
would be very unusual for the application to deal with Shib rather than
letting the web server (apache) handle it.
Right now I'm using a plugin (https://github.com/mlibrary/aspace_remote_user)
to authenticate users based on the remote_user env var sent from
apache/modproxy. This doesn't align well with ASpace's architecture
(because I'm effectively moving auth from the backend to the frontend), but
it aligns much better with my hosting environment.
On 29 September 2015 at 11:40, Chris Fitzpatrick <
Chris.Fitzpatrick at lyrasis.org> wrote:
>
> Hey Joshua,
>
>
> This is so excellent.
>
> I'm just curious if there are other SSO stragegies people would like to
> see? Google Apps for Education? Shibboleth? MySpace?
>
>
> Here's a list of what could be added to omniauth:
>
> https://github.com/intridea/omniauth/wiki/List-of-Strategies
>
>
> b,chris.
>
>
> Chris Fitzpatrick | Developer, ArchivesSpace
> Skype: chrisfitzpat | Phone: 918.236.6048
> http://archivesspace.org/
>
>
> ------------------------------
> *From:* archivesspace_users_group-bounces at lyralists.lyrasis.org <
> archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of
> Joshua D. Shaw <Joshua.D.Shaw at dartmouth.edu>
> *Sent:* Friday, September 25, 2015 10:27 PM
> *To:* Archivesspace Users Group
> *Subject:* [Archivesspace_Users_Group] New Single Sign On Plugin released
>
> Just a heads up to the community that we (Dartmouth) have developed and
> released a plugin that implements an alternative login method for
> institutions that use a single sign on system. Credit goes to Eric Bivona,
> one of our senior programmers. Plugin can be found here:
> https://github.com/dartmouth-dltg/aspace-omniauth-cas
> <https://github.com/dartmouth-dltg/aspace-omniauth-cas>
> dartmouth-dltg/aspace-omniauth-cas · GitHub
> aspace-omniauth-cas - An ArchivesSpace plugin to provide OmniAuth/CAS
> single-sign-on authentication.
> Read more... <https://github.com/dartmouth-dltg/aspace-omniauth-cas>
>
> We've used the omniAuth gem as the base authentication bundle. Though
> omniAuth supports a wide variety of authentication methods, at present, the
> plugin is only implemented for CAS authentication.
>
> The README file explains the working and configuration of the plugin in
> greater depth, but this plugin replaces the standard login window with a
> redirect to an authentication server which first authenticates the user to
> the frontend. The authentication token is passed from the frontend to the
> backend which then verifies that authentication payload with the CAS
> server. Once this is confirmed, the user is logged in. The user's personal
> information is also updated to reflect the authoritative version held by
> the CAS server.
>
> Feel free to email with questions!
> Joshua
>
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20150929/e946d012/attachment.html>
More information about the Archivesspace_Users_Group
mailing list