<div dir="ltr"><div>Shib is rapidly becoming the de-facto standard and if ASpace ever added native support for Shib I'd consider using it, but from where I sit it would be very unusual for the application to deal with Shib rather than letting the web server (apache) handle it. <br></div><div><br></div><div>Right now I'm using a plugin (<a href="https://github.com/mlibrary/aspace_remote_user">https://github.com/mlibrary/aspace_remote_user</a>) to authenticate users based on the remote_user env var sent from apache/modproxy. This doesn't align well with ASpace's architecture (because I'm effectively moving auth from the backend to the frontend), but it aligns much better with my hosting environment.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 29 September 2015 at 11:40, Chris Fitzpatrick <span dir="ltr"><<a href="mailto:Chris.Fitzpatrick@lyrasis.org" target="_blank">Chris.Fitzpatrick@lyrasis.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div style="font-size:12pt;color:#000000;background-color:#ffffff;font-family:Calibri,Arial,Helvetica,sans-serif">
<p><br>
</p>
<p>Hey Joshua, </p>
<p><br>
</p>
<p>This is so excellent. </p>
<p>I'm just curious if there are other SSO stragegies people would like to see? Google Apps for Education? Shibboleth? MySpace?</p>
<p><br>
</p>
<p>Here's a list of what could be added to omniauth:</p>
<p><a href="https://github.com/intridea/omniauth/wiki/List-of-Strategies" target="_blank">https://github.com/intridea/omniauth/wiki/List-of-Strategies</a></p>
<p><br>
</p>
<p>b,chris. <br>
</p>
<p><br>
</p>
<div>
<div name="divtagdefaultwrapper">
<div><font size="2">
<div>Chris Fitzpatrick | <font size="2">Developer, ArchivesSpace</font><br>
Skype: chrisfitzpat | Phone: <a href="tel:918.236.6048" value="+19182366048" target="_blank">918.236.6048</a><br>
<a href="http://archivesspace.org/" target="_blank">http://archivesspace.org/</a><br>
</div>
</font></div>
</div>
</div>
<br>
<br>
<div style="color:rgb(0,0,0)">
<hr style="display:inline-block;width:98%">
<div dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> <a href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org" target="_blank">archivesspace_users_group-bounces@lyralists.lyrasis.org</a> <<a href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org" target="_blank">archivesspace_users_group-bounces@lyralists.lyrasis.org</a>> on behalf of Joshua D. Shaw
<<a href="mailto:Joshua.D.Shaw@dartmouth.edu" target="_blank">Joshua.D.Shaw@dartmouth.edu</a>><br>
<b>Sent:</b> Friday, September 25, 2015 10:27 PM<br>
<b>To:</b> Archivesspace Users Group<br>
<b>Subject:</b> [Archivesspace_Users_Group] New Single Sign On Plugin released</font>
<div> </div>
</div>
<div><span class="">
<div>Just a heads up to the community that we (Dartmouth) have developed and released a plugin that implements an alternative login method for institutions that use a single sign on system. Credit goes to Eric Bivona, one of our senior programmers. Plugin can
be found here: <a href="https://github.com/dartmouth-dltg/aspace-omniauth-cas" style="font-size:medium;font-family:Arial" target="_blank">https://github.com/dartmouth-dltg/aspace-omniauth-cas</a></div>
</span><div style="margin-top:20px;margin-bottom:20px;overflow:auto;width:100%">
<table style="border-top:1px solid rgb(204,204,204);border-bottom:1px solid rgb(204,204,204);width:80%;background-color:rgb(255,255,255);overflow:auto">
<tbody>
<tr valign="top">
<td colspan="1" style="width:140px;display:table-cell;padding:0px">
<div style="margin-top:12px;background-color:rgb(255,255,255);min-height:auto;width:140px;padding:0px;display:table">
<a href="https://github.com/dartmouth-dltg/aspace-omniauth-cas" style="display:table-cell;text-align:center" target="_blank"><img style="display:inline-block;margin-left:auto;margin-right:auto;max-width:140px;max-height:140px;min-height:140px;width:140px;border-width:0px" height="140" width="140" src="https://avatars1.githubusercontent.com/u/11048460?v=3&s=400"></a></div>
</td>
<td>
<div style="margin-top:8px;font-size:21px;font-family:"wf_segoe-ui_semilight","Segoe UI Semilight","Segoe WP Semilight","Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;color:rgb(51,51,51);margin-left:14px;margin-right:14px">
dartmouth-dltg/aspace-omniauth-cas · GitHub</div>
<div style="margin-top:8px;font-size:13px;font-family:"wf_segoe-ui_normal","Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;color:rgb(102,102,102);margin-left:14px;margin-right:14px">
aspace-omniauth-cas - An ArchivesSpace plugin to provide OmniAuth/CAS single-sign-on authentication.</div>
<div style="margin:8px 14px 10px;min-height:18px;text-overflow:ellipsis;overflow:hidden;white-space:nowrap">
<a href="https://github.com/dartmouth-dltg/aspace-omniauth-cas" style="font-size:11px;font-family:"wf_segoe-ui_normal","Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;text-decoration:none" target="_blank">Read
more...</a></div>
</td>
</tr>
</tbody>
</table>
</div><span class="">
<div><br>
</div>
<div>We've used the omniAuth gem as the base authentication bundle. Though omniAuth supports a wide variety of authentication methods, at present, the plugin is only implemented for CAS authentication.</div>
<div><br>
</div>
<div>The README file explains the working and configuration of the plugin in greater depth, but this plugin replaces the standard login window with a redirect to an authentication server which first authenticates the user to the frontend. The authentication
token is passed from the frontend to the backend which then verifies that authentication payload with the CAS server. Once this is confirmed, the user is logged in. The user's personal information is also updated to reflect the authoritative version held by
the CAS server.</div>
<div><br>
</div>
<div>Feel free to email with questions!</div>
<div>Joshua</div>
<div>
<div></div>
</div>
</span></div>
</div>
</div>
</div>
<br>_______________________________________________<br>
Archivesspace_Users_Group mailing list<br>
<a href="mailto:Archivesspace_Users_Group@lyralists.lyrasis.org">Archivesspace_Users_Group@lyralists.lyrasis.org</a><br>
<a href="http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group" rel="noreferrer" target="_blank">http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group</a><br>
<br></blockquote></div><br></div>