Quantcast

Shibboleth authentication

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Shibboleth authentication

vincenzo
Hello,

I just set up VuFind along with NewGenLib.
So I can login in VuFind with the NGL user credentials.

Now I would like to add shibboleth access to VuFind.

My question is:
Once enabled and configured the shibboleth module, can I automatically provision the NGL users ?
That is, can a new user (with no previous registration in NGL) login to VuFind via shibboleth and trigger a  new user registration / profiling (possibly automatic, basing on the user attributes) in NGL ?

Any help would be much appreciated.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shibboleth authentication

Jochen Lienhard
Hi Vincenzo,

I don't know what NewGenLib is, but I understand how shibboleth works.

The Identity Provider of shibboleth does not write in the Identity
Management System, where the users account and password is
placed. Usually the Service Provider (vufind) will send a user to the
login-Mask of the Identity Provider. You can put there some
infos or link or something else for self register, but this has nothing
to do with the shibboleht process.

I hope this helps you.

Greetings

Jochen

vincenzo schrieb:

> Hello,
>
> I just set up VuFind along with NewGenLib.
> So I can login in VuFind with the NGL user credentials.
>
> Now I would like to add shibboleth access to VuFind.
>
> My question is:
> Once enabled and configured the shibboleth module, can I automatically
> provision the NGL users ?
> That is, can a new user (with no previous registration in NGL) login to
> VuFind via shibboleth and trigger a  new user registration / profiling
> (possibly automatic, basing on the user attributes) in NGL ?
>
> Any help would be much appreciated.
>
>
>
> --
> View this message in context: http://vufind.2307425.n4.nabble.com/Shibboleth-authentication-tp4661789.html
> Sent from the vufind-tech mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Own the Future-Intel® Level Up Game Demo Contest 2013
> Rise to greatness in Intel's independent game demo contest.
> Compete for recognition, cash, and the chance to get your game
> on Steam. $5K grand prize plus 10 genre and skill prizes.
> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> _______________________________________________
> Vufind-tech mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/vufind-tech


--
Dr. rer. nat. Jochen Lienhard
Dezernat EDV

Albert-Ludwigs-Universit├Ąt Freiburg
Universit├Ątsbibliothek
Rempartstr. 10-16  | Postfach 1629
79098 Freiburg     | 79016 Freiburg

Telefon: +49 761 203-3908
E-Mail: [hidden email]
Internet: www.ub.uni-freiburg.de


------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shibboleth authentication

vincenzo
This post was updated on .
Hi Jochen,

NewGenLib is one of the catalog systems supported by VuFind.

I guess I was not clear in the opening post.
The point is not how to create the identity in the autoritative IdP.
That is assumed already done.
The problem is how to profile the user in NGL.
Since NGL has no shibboleth module, I have to rely on VuFind for SSO.
But VuFind expects user to be already registered in NGL.
Hence the need for a "trigger" from VuFind to NGL to  provision the new NGL users.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shibboleth authentication

Mosior, Benjamin
Vincenzo,

The easiest thing you could do is pre-provision user accounts in NGL. This could be done with a script that iterates over all the users in your authentication backend (for example, LDAP/AD). If a user isn't in NGL, add his/her account (via SQL query?). Once you're up-to-date, you could include NGL account creation as part of the general user account creation policy at your institution/company.

If you are absolutely set on doing provisioning through VuFind, then there will a bit more work involved. Since VuFind's NewGenLib ILS driver doesn't have the functionality to create a user inside NGL, you will have to write that functionality yourself. You would have to modify the NewGenLib.php driver and add a createPatron function that executes the appropriate SQL on the NGL side. Then you would have to modify the workflow of the Shibboleth authentication process by handling cases where a user is not found. That seems like more work to me when compared to the first option.

Benjamin Mosior

-----Original Message-----
From: vincenzo [mailto:[hidden email]]
Sent: Wednesday, April 03, 2013 4:07 AM
To: [hidden email]
Subject: Re: [VuFind-Tech] Shibboleth authentication

Since NGL has no shibboleth module, I have to rely on VuFind for SSO.
But VuFind expects user to be already registered in NGL.
Hence the need for a "trigger" from VuFind to NGL to  provision the (new) users.


------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Vufind-tech mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vufind-tech
Loading...