wiki:Adding

Version 1 (modified by pmauduit, 15 years ago) ( diff )

First shot of CAS proposal

Proposal number : ? Proposal title : Login via CAS

Date 2010/02/01
Contact(s) Pierre Mauduit <pierre DOT mauduit AT camptocamp DOT com>
Last edited Timestamp
Status draft, in progress
Assigned to release ?
Resources ?

Overview

CAS is an external authentication system. The goal of this proposal is to allow a GN instance to use a CAS service in order to authenticate users.

When CAS is configured, the user would be asked to authenticate on the CAS webservice, then after a successful login onto the webapp, he would be redirected and automatically logged into GN. My current patch allows two things to be configured :

  • The default administrator user : The only information CAS will give us is the username. By testing it, we can determine who would be the GN administrator.
  • The default group : Once our users have been authentified onto CAS, GN would have to assign them a default group (RegisteredUser, ...).

Proposal Type

  • Type: core functionality addition
  • App: GeoNetwork
  • Module: Jeeves (session mechanisms), GN/Guiservices

None.

Voting History

  • None yet

Motivations

The default behavior of GeoNetwork is to use a builtin database in order to store authentication credentials. Since there are some different auth mechanisms proposed (LDAP, Shibboleth ...), the goal of this proposal is to permit an external authentication with CAS, which could be configured to use a LDAP, PAM, MySQL or whatever supported by CAS.

Proposal

Backwards Compatibility Issues

Risks

Participants

  • pmauduit

Attachments (2)

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.