search

eXtensibleCatalog / NCIP2-Toolkit

Connect ILS circulation systems with XC
6 stars 6 forks source link

Authentication Functionality in Voyager connector #136

Open patrickzurek opened 7 years ago

patrickzurek commented 7 years ago

JIRA issue created by: rcook Originally opened: 2011-08-17 07:21 PM

Issue body: (nt)

patrickzurek commented 7 years ago

JIRA Coment by user: rcook JIRA Timestamp: 2011-08-17 07:46 PM

Comment body:

With NCIP 2, there no longer is a separate authentication service. The authentication credentials have been moved into each service that would/could require authentication.

Proposal 1 - Lookup User will be the de facto authentication service for Drupal Tooklit.

Proposal 2 - Previously, Drupal Toolkit passed the credentials to the NCIP Toolkit buy guessing (pass LDAP username first, then username). We propose moving this to be a job of the Voyager Connector. The NCIP Toolkit will be able to be configured for what to do. For example, UR can try LDAP first then Voyager based authentication. CARLI, not using LDAP, will only use Voyager authentication.

Proposal 3 - When using prior ODBC based Voyager connector, it was the NCIP Toolkit's job to maintain the authenticated session. When the session was over, the NCIP response would signal that authentication must happen again (and Drupal would ask the user to enter their credentials again). With the switch to stateless webservices, this is no longer happening. We propose continuing to have it be the function of the NCIP Voyager connector to maintain a session. This will be done by allowing a configuration in the connector for duration that a "session" can be active once authentication credentials have been sent and validated.

Drupal will need to pass the Authentication Inputs when the user first logs in. The NCIP Toolkit will pass back an identifier (called User ID) that represents this user for the session duration. (We will need to come up with a scheme name for User Identifier Type, perhaps NCIP Session). Drupal would then use this ID in subsequent requests (e.g. Lookup User, Renew Item). As before, when the session expires in the NCIP Toolkit, the NCIP message will request that the full Authentication Input be sent again.

This probably needs a little bit of fine tuning. Most of this is work for Patrick. But we will need input from John and it affects MT and Peter.

patrickzurek commented 7 years ago

JIRA Coment by user: rcook JIRA Timestamp: 2011-08-24 04:59 PM

Comment body:

Removal of Proposal 3, which will greatly simplify this. We will not create a state/session in the NCIP Toolkit. We will leave the web services as they are...stateless. This means that Drupal Toolkit will need to cache and timestamp the initial LU response.

Drupal Toolkit will need a refresh option, at which time the user needs to be prompted to reenter their credentials. When actions that update the ILS occur, such as Renew Item, the user will likewise need to reenter their credentials. I will create a DT issue for this.

patrickzurek commented 7 years ago

JIRA Coment by user: rcook JIRA Timestamp: 2012-08-01 11:05 AM

Comment body:

Hey Patrick, wondering if this is a good next thing? Rocester for example would want to try LDAP first. CARLI would not? Please weigh in on the importance of this?

Notify to [~bgant] for input.

[~mwesley] Do you know of the DT has this refresh option?

patrickzurek commented 7 years ago

JIRA Coment by user: rcook JIRA Timestamp: 2012-12-12 01:17 PM

Comment body:

Moving to "Holding"