Version 1 (modified by 15 years ago) ( diff ) | ,
---|
Proposal number : ? Proposal title : Login via CAS
Date | 2010/02/01 |
Contact(s) | Pierre Mauduit <pierre DOT mauduit AT camptocamp DOT com> |
Last edited | Timestamp |
Status | draft, in progress |
Assigned to release | ? |
Resources | ? |
Overview
CAS is an external authentication system. The goal of this proposal is to allow a GN instance to use a CAS service in order to authenticate users.
When CAS is configured, the user would be asked to authenticate on the CAS webservice, then after a successful login onto the webapp, he would be redirected and automatically logged into GN. My current patch allows two things to be configured :
- The default administrator user : The only information CAS will give us is the username. By testing it, we can determine who would be the GN administrator.
- The default group : Once our users have been authentified onto CAS, GN would have to assign them a default group (RegisteredUser, ...).
Proposal Type
- Type: core functionality addition
- App: GeoNetwork
- Module: Jeeves (session mechanisms), GN/Guiservices
Links
None.
Voting History
- None yet
Motivations
The default behavior of GeoNetwork is to use a builtin database in order to store authentication credentials. Since there are some different auth mechanisms proposed (LDAP, Shibboleth ...), the goal of this proposal is to permit an external authentication with CAS, which could be configured to use a LDAP, PAM, MySQL or whatever supported by CAS.
Proposal
Backwards Compatibility Issues
Risks
Participants
- pmauduit
Attachments (2)
-
against_trunk.diff
(16.2 KB
) - added by 15 years ago.
Patch
-
casclient.jar
(57.9 KB
) - added by 15 years ago.
CASClient library (available at jasig.org)
Download all attachments as: .zip