[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Re: Windows ACS single sign-on

Subject: [EP-tech] Re: Windows ACS single sign-on
From: tdb2 at ecs.soton.ac.uk (Tim Brody)
Date: Mon, 16 Apr 2012 16:09:21 +0100
In-reply-to: <9E145CCE58570049A3F0773FD6873A6506CCB576@DBXPRD0410MB358.eurprd04.prod.outlook.com>
References: <9E145CCE58570049A3F0773FD6873A6506CCB576@DBXPRD0410MB358.eurprd04.prod.outlook.com>

On Tue, 2012-04-03 at 10:32 +0000, Carl Franks wrote:
> Hi,
> 
> I'm currently running eprints 3.2.8 with edshare 3.2 on Ubuntu 10.04LTS
> 
> I'd like to integrate with our Windows Azure-based single sign-on system.
> http://acs.codeplex.com/
> 
> Can anyone recommend which eprints files I'll need to look at to
>  customize the login?
> 
> I'll need to retain the current login form, to allow admin logins - but
>  I'd like to hide it with JS, and have a discrete link that will unhide
>  it. For ACS logins, I'll need to display a button that will simply
>  redirect the user to our ACS (access control service) server.
> 
> The ACS logs the user in if they're not already logged in, and needs to
>  redirect the user back to the eprints server, passing a session ID,
>  which I'll need to verify, and then tell eprints what their username
>  is, and that they should be logged in.
> 
> So, to clarify: eprints will store user accounts for all users, but
>  won't handle password authentication, except for the admin account.
>  Any pointers on how to approach this would be welcome, as I'm still
>  just learning my way around the eprints code.
> 
> For the ACS-specific code, I plan on basing it on Microsoft's ACS
>  plugin for wordpress, which looks like it'll be fairly straightforward
>  to convert to perl.
>  http://wordpress.org/extend/plugins/acs-plugin-for-wordpress/

I'm not familiar with ACS but there's a few approaches to customising
authentication in EPrints (and more in 3.3.x).

If you're getting a username & password within EPrints you can change
the authentication in cfg.d/user_login.pl.

To login via another page (single-sign-on) you will want to add a
"get_login_url":
http://permalink.gmane.org/gmane.comp.web.eprints.devel/14574

Or you could override /cgi/login by creating a a file at
archives/[archiveid]/cgi/login.

-- 
All the best,
Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20120416/17cc924d/attachment.bin

References:
- [EP-tech] Windows ACS single sign-on
  - From: C.A.Franks at dundee.ac.uk (Carl Franks)

Prev by Date: [EP-tech] Re: divisions language
Next by Date: [EP-tech] Re: eprints and vufind
Previous by thread: [EP-tech] Windows ACS single sign-on
Next by thread: [EP-tech] [3.3.8] adding metadata field with web interface
Index(es):
- Date
- Thread