[GeoNetwork-devel] SSO

Hi all, are there any on-going initiatives implementing single-sign-on
in GeoNetwork ? Any recommendations for that (security framework,
information to store in the ldap, ...) ?

Here in Camptocamp, we made one basic implementation 2 years ago using a
servlet filter on top of GeoNetwork using CAS and Ldap. Roles and Groups
were stored in the ldap. Major issues we have with this implementation are :
* based on GeoNetwork 2.0.3
* could not easily switch db auth / cas auth
* only authentication access allowed (no public view)

We plan to work on a more robust one to be proposed for trunk so if some
of you have some recommendations before we start working on it feel free
to comments.

Thanks a lot.

Francois

Hi Francois,
This is something that should at least partially be covered by James' Add Shibboleth as an authentication option proposal. (http://shibboleth.internet2.edu/about.html). It is also a subject that needs work on the ebRIM side of things. It would be nice to fit it in there in a clean way so we get that branch in good shape to start transferring existing GeoNetwork services into it at a later stage. The ebRIM branch as you know is using a couple of more common frameworks and coding practices.
Ciao,
Jeroen

On Mar 26, 2009, at 7:59 AM, Francois-Xavier Prunayre wrote:

Hi all, are there any on-going initiatives implementing single-sign-on
in GeoNetwork ? Any recommendations for that (security framework,
information to store in the ldap, ...) ?

Here in Camptocamp, we made one basic implementation 2 years ago using a
servlet filter on top of GeoNetwork using CAS and Ldap. Roles and Groups
were stored in the ldap. Major issues we have with this implementation are :
* based on GeoNetwork 2.0.3
* could not easily switch db auth / cas auth
* only authentication access allowed (no public view)

We plan to work on a more robust one to be proposed for trunk so if some
of you have some recommendations before we start working on it feel free
to comments.

Thanks a lot.

Francois

------------------------------------------------------------------------------
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

Hi all,

there are any news on that topic? Is Shibboleth/SSO implemented at
Geonetwork yet?
Do I understand this right that Shibboleth/SSO needs ebRIM to work?

Thanks.
regards
Sarah

Jeroen Ticheler - 2 wrote:

Hi Francois,
This is something that should at least partially be covered by James'
Add Shibboleth as an authentication option proposal.
(http://shibboleth.internet2.edu/about.html
). It is also a subject that needs work on the ebRIM side of things.
It would be nice to fit it in there in a clean way so we get that
branch in good shape to start transferring existing GeoNetwork
services into it at a later stage. The ebRIM branch as you know is
using a couple of more common frameworks and coding practices.
Ciao,
Jeroen

On Mar 26, 2009, at 7:59 AM, Francois-Xavier Prunayre wrote:

Hi all, are there any on-going initiatives implementing single-sign-on
in GeoNetwork ? Any recommendations for that (security framework,
information to store in the ldap, ...) ?

Here in Camptocamp, we made one basic implementation 2 years ago
using a
servlet filter on top of GeoNetwork using CAS and Ldap. Roles and
Groups
were stored in the ldap. Major issues we have with this
implementation are :
* based on GeoNetwork 2.0.3
* could not easily switch db auth / cas auth
* only authentication access allowed (no public view)

We plan to work on a more robust one to be proposed for trunk so if
some
of you have some recommendations before we start working on it feel
free
to comments.

Thanks a lot.

Francois

------------------------------------------------------------------------------
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

------------------------------------------------------------------------------
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

--
View this message in context: http://n2.nabble.com/SSO-tp2536905p3973181.html
Sent from the GeoNetwork developer mailing list archive at Nabble.com.