EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #00399


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

[EP-tech] Re: Windows ACS single sign-on


On Tue, 2012-04-03 at 10:32 +0000, Carl Franks wrote:
> Hi,
> 
> I'm currently running eprints 3.2.8 with edshare 3.2 on Ubuntu 10.04LTS
> 
> I'd like to integrate with our Windows Azure-based single sign-on system.
> http://acs.codeplex.com/
> 
> Can anyone recommend which eprints files I'll need to look at to
>  customize the login?
> 
> I'll need to retain the current login form, to allow admin logins - but
>  I'd like to hide it with JS, and have a discrete link that will unhide
>  it. For ACS logins, I'll need to display a button that will simply
>  redirect the user to our ACS (access control service) server.
> 
> The ACS logs the user in if they're not already logged in, and needs to
>  redirect the user back to the eprints server, passing a session ID,
>  which I'll need to verify, and then tell eprints what their username
>  is, and that they should be logged in.
> 
> So, to clarify: eprints will store user accounts for all users, but
>  won't handle password authentication, except for the admin account.
>  Any pointers on how to approach this would be welcome, as I'm still
>  just learning my way around the eprints code.
> 
> For the ACS-specific code, I plan on basing it on Microsoft's ACS
>  plugin for wordpress, which looks like it'll be fairly straightforward
>  to convert to perl.
>  http://wordpress.org/extend/plugins/acs-plugin-for-wordpress/

I'm not familiar with ACS but there's a few approaches to customising
authentication in EPrints (and more in 3.3.x).

If you're getting a username & password within EPrints you can change
the authentication in cfg.d/user_login.pl.

To login via another page (single-sign-on) you will want to add a
"get_login_url":
http://permalink.gmane.org/gmane.comp.web.eprints.devel/14574

Or you could override /cgi/login by creating a a file at
archives/[archiveid]/cgi/login.

-- 
All the best,
Tim

Attachment: signature.asc
Description: This is a digitally signed message part