Changes between Initial Version and Version 1 of Adding

Timestamp:

Feb 1, 2010, 6:25:42 AM (14 years ago)

Author:

pmauduit

Comment:

First shot of CAS proposal

Adding

@@ +1 @@
+= Proposal number : ? Proposal title : Login via CAS =
+
+|| '''Date''' || 2010/02/01 ||
+|| '''Contact(s)''' || Pierre Mauduit <pierre DOT mauduit AT camptocamp DOT com> ||
+|| '''Last edited''' || [[Timestamp]] ||
+|| '''Status''' || draft, in progress ||
+|| '''Assigned to release''' || ? ||
+|| '''Resources''' || ? ||
+
+== Overview ==
+
+[http://www.jasig.org/cas CAS] is an external authentication system. The goal of this proposal is to allow a GN instance to use a CAS service in order to authenticate users.
+
+When CAS is configured, the user would be asked to authenticate on the CAS webservice, then after a successful login onto the webapp, he would be redirected and automatically logged into GN. My current patch allows two things to be configured :
+
+ * The default administrator user : The only information CAS will give us is the username. By testing it, we can determine who would be the GN administrator. 
+ * The default group : Once our users have been authentified onto CAS, GN would have to assign them a default group (RegisteredUser, ...).
+
+=== Proposal Type ===
+ * '''Type''': core functionality addition
+ * '''App''': !GeoNetwork
+ * '''Module''': Jeeves (session mechanisms), GN/Guiservices
+
+=== Links ===
+
+None.
+
+
+=== Voting History ===
+ * None yet
+
+----
+
+== Motivations ==
+
+The default behavior of GeoNetwork is to use a builtin database in order to store authentication credentials. Since there are some different auth mechanisms proposed (LDAP, Shibboleth ...), the goal of this proposal is to permit an external authentication with CAS, which could be configured to use a LDAP, PAM, MySQL or whatever supported by CAS.
+
+== Proposal == 
+
+
+=== Backwards Compatibility Issues ===
+
+== Risks ==
+
+== Participants ==
+ * pmauduit
+