[Archivesspace_Users_Group] New Single Sign On Plugin released
Ryan Rotter
rrotter at umich.edu
Tue Sep 29 18:29:50 EDT 2015
On 29 September 2015 at 17:57, Eric J. Bivona <Eric.J.Bivona at dartmouth.edu>
wrote:
> My understanding is that the ASpace backend doesn’t trust the frontend,
> hence the work I did to allow the backend to, essentially, reauthenticate
> the user before creating a session for them. Our security team would have
> had serious reservations about securing such a subversion of the existing
> architecture, but your mileage will vary.
>
Right, normally the backend doesn't trust the frontend. I added an login
endpoint on the backend that implicitly trusts the frontend (well,
technically all traffic, the frontend isn't special). They are on the same
host and the backend is firewalled from even the local network, otherwise I
would have had to work out something more robust.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20150929/89478048/attachment.html>
More information about the Archivesspace_Users_Group
mailing list