EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #07417



[EP-tech] Shibboleth in an existing Eprints Archive


Hi all,

We have the following task: our EPrints archive exists and there are around 600 user accounts in it. Till now we have always used the local login, and in the next 3-4 months we would like to make it possible for our users to authenticate only with Shibboleth. For all new users the authentication workflow is clear, but for all users who already have an account in our archive we have to find a mechanism that will make it possible for them to log in with Shibboleth and to keep the Working Area and Publications in their accounts. Therefore, after a successful first Shibboleth login we have to “map” their old user-id and their Shibboleth ID. We have planned the following workflow:

1. Login with Shibboleth
2. If this user with Shibboleth ID is already in our database then grant access to the Archive
3. Otherwise ask whether the user has a local account
   a. If the answer is no then create a new account
   b. If the answer is yes then the user has to authenticate with his local account (username AND password)
      i. If the local authentication is successful, replace the local ID, email and name and keep a link to the local id (for further reference)
      ii. If the local authentication is not successful go to 3.

Does anyone have better suggestions? Has anyone already “mapped” local against Shibboleth accounts?

Thank you very much in advance!

Best Regards,

Zaharina Stoynova
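
The workflow in the message above, modelled as an added Python example; it is not part of the original post and is not EPrints code. The `Archive` class, its field names and the sample identities are hypothetical, and the refusal to link a local account that is already bound to a Shibboleth ID is an added assumption the message does not state.

```python
import hashlib, hmac, os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Archive:
    """In-memory stand-in for the user table (hypothetical, not the EPrints schema)."""
    def __init__(self):
        self.users, self.by_shib = {}, {}

    def _new(self, **fields):
        uid = len(self.users) + 1
        self.users[uid] = dict(shib_id=None, legacy_username=None, **fields)
        return uid

    def add_local(self, username, password, email, name):
        salt = os.urandom(16)
        return self._new(username=username, email=email, name=name,
                         salt=salt, pw=_hash(password, salt))

    def _check_local(self, username, password):
        # Username AND password must match; the comparison is constant-time.
        for uid, u in self.users.items():
            if u["username"] == username and u["pw"] is not None:
                ok = hmac.compare_digest(u["pw"], _hash(password, u["salt"]))
                return uid if ok else None
        return None

    def login(self, shib, has_local=None, username=None, password=None):
        """shib: attributes asserted by the IdP after step 1 (id, email, name)."""
        uid = self.by_shib.get(shib["id"])              # step 2
        if uid is not None:
            return "granted", uid
        if has_local is None:                           # step 3: ask the user
            return "ask_local", None
        if not has_local:                               # step 3a: new account
            uid = self._new(username=shib["id"], email=shib["email"],
                            name=shib["name"], salt=None, pw=None)
            self.users[uid]["shib_id"] = shib["id"]
        else:                                           # step 3b: prove ownership
            uid = self._check_local(username or "", password or "")
            if uid is None or self.users[uid]["shib_id"] is not None:
                return "ask_local", None                # step 3b.ii: back to 3
            u = self.users[uid]                         # step 3b.i: same uid, so
            u.update(legacy_username=u["username"],     # owned records stay attached
                     username=shib["id"], email=shib["email"],
                     name=shib["name"], shib_id=shib["id"])
        self.by_shib[shib["id"]] = uid
        return ("linked" if has_local else "created"), uid
```

Because the internal user id never changes in step 3b.i, everything keyed on it stays with the account, and the old username survives only as `legacy_username` for reference.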