Proposal number : ? Proposal title : Login via CAS

Date	2010/02/01
Contact(s)	Pierre Mauduit <pierre DOT mauduit AT camptocamp DOT com>, jeichar, mcoudert
Last edited	Timestamp
Status	draft, in progress
Assigned to release	?
Resources	?

Overview

​CAS is an external authentication system. The goal of this proposal is to allow a GN instance to use a CAS service in order to authenticate users.

When CAS is configured, the user would be asked to authenticate on the CAS webservice, then after a successful login onto the webapp, he would be redirected and automatically logged into GN. My current patch allows two things to be configured :

• The default administrator user : The only information CAS will give us is the username. By testing it, we can determine who would be the GN administrator.
• The default group : Once our users have been authentified onto CAS, GN would have to assign them a default group (RegisteredUser, ...).

Proposal Type

• Type: core functionality addition
• App: GeoNetwork
• Module: Jeeves (session mechanisms), GN/Guiservices

Links

None.

Voting History

• None yet

---

Motivations

The default behavior of GeoNetwork is to use a builtin database in order to store authentication credentials. Since there are some different auth mechanisms proposed (LDAP, Shibboleth ...), the goal of this proposal is to permit an external authentication with CAS, which could be configured to use a LDAP, PAM, MySQL or whatever supported by CAS.

Proposal

Backwards Compatibility Issues

Risks

Participants

• pmauduit