Closed pdurbin closed 10 years ago
We've split out the UI/UX for the Shibboleth login process into a separate ticket: #794
Hi Phil, when you started to work on this task, did you check Spring Security SAML?
http://projects.spring.io/spring-security-saml/
While I am not sure whether Spring Security is commensurable with Dataverse 4.0, this Spring SAML comes with a sample SSO as follows:
https://github.com/spring-projects/spring-security-saml/tree/master/sample
http://docs.spring.io/spring-security-saml/docs/1.0.x-SNAPSHOT/reference/htmlsingle/#sample-app
Akio
On 7/31/2014 8:10 AM, Philip Durbin wrote:
Support for Shibboleth is a long-requested feature and we'll use this ticket to capture a bit of history and the latest development efforts.
Starting in the DVN 3.x days ( https://github.com/IQSS/dvn ) we tracked Shibboleth progress at https://redmine.hmdc.harvard.edu/issues/2657 and took many notes on possible approaches https://docs.google.com/document/d/1y2axfd_ScmXVICFlV8AuPDdp5xHwTag54pUpVefzs5g/edit?usp=sharing including OpenAM, OIOSAML, mod_shib, and rolling our own solution.
Currently, in this Dataverse 4.0 code base, we are following the lead of @DANS-KNAW https://github.com/DANS-KNAW who has decided on mod_shib as a solution in their fork of DVN 3.x: https://github.com/DANS-KNAW/dvn
The best place to see the current thinking about Shibboleth is https://github.com/IQSS/dataverse/blob/master/doc/Architecture/auth.md
There is a tiny bit of config captured at https://github.com/IQSS/dataverse/tree/master/conf/vagrant/etc/shibboleth and some modest testing going on at http://apitest.dataverse.org . (Internally, we are working on supporting more than one IdP in INC00953080.)
The best place to discuss Shibboleth in Dataverse is https://lists.iq.harvard.edu/mailman/listinfo/dvn-auth . We are especially interested in having institutions who run Shibboleth comment on the following:
- persistent identifier from IdP https://lists.iq.harvard.edu/pipermail/dvn-auth/2014-July/000016.html
- a Shibboleth group will match against Shib headers in the HTTP request https://github.com/IQSS/dataverse/blob/master/doc/Architecture/auth.md
— Reply to this email directly or view it on GitHub https://github.com/IQSS/dataverse/issues/791.
Akio Sone Odum Inst. UNC at Chapel Hill
> when you started to work on this task, did you check Spring Security SAML?
@akio-sone I didn't look at anything related to Spring Security because it's my understanding that one must adopt the Spring framework to use it. Dataverse doesn't use Spring. It's a Java EE app.
Closing and any tickets for Shibboleth should now be opened individually.
> Closing and any tickets for Shibboleth should now be opened individually.
Ok, I opened this one: Refactor Shibboleth code as ShibAuthenticationProvider #963
To have some institutions in the United States be able to log into Dataverse installations via Shibboleth "without friction or administrator involvement" we may want to consider (and recommend) joining the "Research & Scholarship Category" of InCommon: https://spaces.internet2.edu/display/InCFederation/Research+and+Scholarship+Category