Proposal number : ? Proposal title : Login via CAS
Date | 2010/02/01 |
Contact(s) | Pierre Mauduit <pierre DOT mauduit AT camptocamp DOT com>, jeichar, mcoudert |
Last edited | Timestamp |
Status | draft, in progress |
Assigned to release | ? |
Resources | ? |
Overview
CAS is an external authentication system. The goal of this proposal is to allow a GN instance to use a CAS service in order to authenticate users.
When CAS is configured, the user is asked to authenticate on the CAS web service; after a successful login there, he is redirected and automatically logged into GN. My current patch allows two things to be configured:
- The default administrator user: the only information CAS gives us is the username. By testing it, we can determine who is the GN administrator.
- The default group: once our users have been authenticated by CAS, GN has to assign them a default group (RegisteredUser, ...).
Proposal Type
- Type: core functionality addition
- App: GeoNetwork
- Module: Jeeves (session mechanisms), GN/Guiservices
Links
Voting History
- None yet
Motivations
The default behaviour of GeoNetwork is to use a built-in database to store authentication credentials. Since several different authentication mechanisms have been proposed (LDAP, Shibboleth, ...), the goal of this proposal is to permit external authentication with CAS, which can be configured to use LDAP, as well as PAM, MySQL or any other backend supported by CAS.
Proposal
Please note that the current patch is still in a "Work In Progress" state; some options have to be improved and a little rework is needed before it can be expected to be added to the trunk.
Backwards Compatibility Issues
Risks
Participants
- pmauduit
Attachments (2)
- against_trunk.diff (16.2 KB), added 15 years ago: Patch
- casclient.jar (57.9 KB), added 15 years ago: CASClient library (available at jasig.org)