[Archivesspace_Users_Group] Help: Does ASpace support Okta/SSO/SAML?

Blake Carver blake.carver at lyrasis.org
Mon Mar 14 12:41:58 EDT 2022


There's a plugin here:
https://github.com/lyrasis/aspace-oauth

________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Peter Heiner <ph448 at cam.ac.uk>
Sent: Monday, March 14, 2022 11:40 AM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: Re: [Archivesspace_Users_Group] Help: Does ASpace support Okta/SSO/SAML?

Cambridge University Libraries use the aspace-oauth plugin with the SAML
provider.

We chose SAML over LDAP because our directory doesn't allow anonymous binds
and ArchivesSpace requires a separate bind DN which I was not too keen on
having. SAML was not particularly easy to set up; we've seen some quirks like
it not being able to use our IdP's metadata autoconfiguration and us having to
add config items that would be available from said metadata, but it can be
made to work with some trial and error.

The separate login link in the header that aspace-oauth creates felt pretty
clunky, so we have also modified the main app page in our local plugin to take
the user directly to the SSO login page unless a specific URL parameter is
set.

Sadly, only the database is supported for authorisation, none of those
fancy-schmancy SAML attributes or OAuth2 claim shenanigans from the early 21st
century.

p

Jerry Boggio wrote on 2022-03-14 14:45:01:
> Resubmitting as it appears my original question was kicked back.
>
> Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info Management | 781-271-2719
>
> From: Jerry Boggio <gboggio at mitre.org>
> Sent: Monday, March 14, 2022 10:28 AM
> To: archivesspace_users_group-request at lyralists.lyrasis.org
> Subject: Help: Does ASpace support Okta/SSO/SAML?
>
> Hi Everyone;
>
> Could someone please tell us if ArchivesSpace supports Okta, SSO (Single Sign On), and/or SAML (Security Assertion Markup Language)? Are there other security packages supported other than storing logon ID and password in the MySQL database? If so, could you please pass on documentation?
>
> Thank you!
> Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info Management | 781-271-2719
>

> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group