[Archivesspace_Users_Group] New Single Sign On Plugin released

Tue Sep 29 18:03:52 EDT 2015

Seconding Shibboleth for enterprise scenarios. Speaking on behalf of the
small non-profits I work with, Google OAuth2 is by far the most commonly
implemented (and sometimes with OpenID in front of that). Together with
CAS, those three would cover just quite a bit of ground.

Jason Loeffler
Principal
Minor Science | Application Development & Metadata Strategy
Brooklyn, New York

On Tue, Sep 29, 2015 at 5:38 PM, Ryan Rotter <rrotter at umich.edu> wrote:

> Shib is rapidly becoming the de-facto standard and if ASpace ever added
> native support for Shib I'd consider using it, but from where I sit it
> would be very unusual for the application to deal with Shib rather than
> letting the web server (apache) handle it.
>
> Right now I'm using a plugin (
> https://github.com/mlibrary/aspace_remote_user) to authenticate users
> based on the remote_user env var sent from apache/modproxy. This doesn't
> align well with ASpace's architecture (because I'm effectively moving auth
> from the backend to the frontend), but it aligns much better with my
> hosting environment.
>
> On 29 September 2015 at 11:40, Chris Fitzpatrick <
> Chris.Fitzpatrick at lyrasis.org> wrote:
>
>>
>> Hey Joshua,
>>
>>
>> This is so excellent.
>>
>> I'm just curious if there are other SSO stragegies people would like to
>> see? Google Apps for Education? Shibboleth? MySpace?
>>
>>
>> Here's a list of what could be added to omniauth:
>>
>> https://github.com/intridea/omniauth/wiki/List-of-Strategies
>>
>>
>> b,chris.
>>
>>
>> Chris Fitzpatrick | Developer, ArchivesSpace
>> Skype: chrisfitzpat  | Phone: 918.236.6048
>> http://archivesspace.org/
>>
>>
>> ------------------------------
>> *From:* archivesspace_users_group-bounces at lyralists.lyrasis.org <
>> archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of
>> Joshua D. Shaw <Joshua.D.Shaw at dartmouth.edu>
>> *Sent:* Friday, September 25, 2015 10:27 PM
>> *To:* Archivesspace Users Group
>> *Subject:* [Archivesspace_Users_Group] New Single Sign On Plugin released
>>
>> Just a heads up to the community that we (Dartmouth) have developed and
>> released a plugin that implements an alternative login method for
>> institutions that use a single sign on system. Credit goes to Eric Bivona,
>> one of our senior programmers. Plugin can be found here:
>> https://github.com/dartmouth-dltg/aspace-omniauth-cas
>> <https://github.com/dartmouth-dltg/aspace-omniauth-cas>
>> dartmouth-dltg/aspace-omniauth-cas · GitHub
>> aspace-omniauth-cas - An ArchivesSpace plugin to provide OmniAuth/CAS
>> single-sign-on authentication.
>> Read more... <https://github.com/dartmouth-dltg/aspace-omniauth-cas>
>>
>> We've used the omniAuth gem as the base authentication bundle. Though
>> omniAuth supports a wide variety of authentication methods, at present, the
>> plugin is only implemented for CAS authentication.
>>
>> The README file explains the working and configuration of the plugin in
>> greater depth, but this plugin replaces the standard login window with a
>> redirect to an authentication server which first authenticates the user to
>> the frontend. The authentication token is passed from the frontend to the
>> backend which then verifies that authentication payload with the CAS
>> server. Once this is confirmed, the user is logged in. The user's personal
>> information is also updated to reflect the authoritative version held by
>> the CAS server.
>>
>> Feel free to email with questions!
>> Joshua
>>
>> _______________________________________________
>> Archivesspace_Users_Group mailing list
>> Archivesspace_Users_Group at lyralists.lyrasis.org
>> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>>
>>
>
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20150929/c7378945/attachment.html>