Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Shibboleth #791

Closed
pdurbin opened this issue Jul 31, 2014 · 5 comments
Closed

Shibboleth #791

pdurbin opened this issue Jul 31, 2014 · 5 comments
Labels
Type: Feature a feature request

Comments

@pdurbin
Copy link
Member

pdurbin commented Jul 31, 2014

Support for Shibboleth is a long-requested feature and we'll use this ticket to capture a bit of history and the latest development efforts.

Starting in the DVN 3.x days ( https://github.com/IQSS/dvn ) we tracked Shibboleth progress at https://redmine.hmdc.harvard.edu/issues/2657 and took many notes on possible approaches including OpenAM, OIOSAML, mod_shib, and rolling our own solution.

Currently, in this Dataverse 4.0 code base, we are following the lead of @DANS-KNAW who has decided on mod_shib as a solution in their fork of DVN 3.x: https://github.com/DANS-KNAW/dvn

The best place to see the current thinking about Shibboleth is https://github.com/IQSS/dataverse/blob/master/doc/Architecture/auth.md

There is a tiny bit of config captured at https://github.com/IQSS/dataverse/tree/master/conf/vagrant/etc/shibboleth and some modest testing going on at http://apitest.dataverse.org . (Internally, we are working supporting more than one IdP in INC00953080.)

The best place to discuss Shibboleth in Dataverse is https://lists.iq.harvard.edu/mailman/listinfo/dvn-auth . We are especially interested in having institutions who run Shibboleth comment on the following:

To have some institutions in the United States be able to log into Dataverse installations via Shibboleth "without friction or administrator involvement" we may want to consider (and recommend) joining the "Research & Scholarship Category" of InCommon: https://spaces.internet2.edu/display/InCFederation/Research+and+Scholarship+Category

@pdurbin pdurbin added this to the In Review - Dataverse 4.0 milestone Jul 31, 2014
@pdurbin pdurbin self-assigned this Jul 31, 2014
@pdurbin
Copy link
Member Author

pdurbin commented Aug 1, 2014

We've split out the UI/UX for the Shibboleth login process into a separate ticket: #794

@akio-sone
Copy link
Contributor

Hi Phil,
when you started to work on this task, did you check Spring Security SAML?

http://projects.spring.io/spring-security-saml/

While I am not sure whether Spring Security is commensurable with
Dataverse 4.0, this Spring SAML comes with a sample SSO as follows:

https://github.com/spring-projects/spring-security-saml/tree/master/sample

http://docs.spring.io/spring-security-saml/docs/1.0.x-SNAPSHOT/reference/htmlsingle/#sample-app

Akio

On 7/31/2014 8:10 AM, Philip Durbin wrote:

Support for Shibboleth is a long-requested feature and we'll use this
ticket to capture a bit of history and the latest development efforts.

Starting in the DVN 3.x days ( https://github.com/IQSS/dvn ) we tracked
Shibboleth progress at https://redmine.hmdc.harvard.edu/issues/2657 and
took many notes on possible approaches
https://docs.google.com/document/d/1y2axfd_ScmXVICFlV8AuPDdp5xHwTag54pUpVefzs5g/edit?usp=sharing
including OpenAM, OIOSAML, mod_shib, and rolling our own solution.

Currently, in this Dataverse 4.0 code base, we are following the lead of
@DANS-KNAW https://github.com/DANS-KNAW who has decided on mod_shib as
a solution in their fork of DVN 3.x: https://github.com/DANS-KNAW/dvn

The best place to see the current thinking about Shibboleth is
https://github.com/IQSS/dataverse/blob/master/doc/Architecture/auth.md

There is a tiny bit of config captured at
https://github.com/IQSS/dataverse/tree/master/conf/vagrant/etc/shibboleth and
some modest testing going on at http://apitest.dataverse.org .
(Internally, we are working supporting more than one IdP in INC00953080.)

The best place to discuss Shibboleth in Dataverse is
https://lists.iq.harvard.edu/mailman/listinfo/dvn-auth . We are
especially interested in having institutions who run Shibboleth comment
on the following:


Reply to this email directly or view it on GitHub
#791.

Akio Sone
Odum Inst.
UNC at Chapel Hill

@pdurbin
Copy link
Member Author

pdurbin commented Aug 4, 2014

when you started to work on this task, did you check Spring Security SAML?

@akio-sone I didn't look at anything related to Spring Security because it's my understanding that one must adopt the Spring framework to use it. Dataverse doesn't use Spring. It's a Java EE app.

@eaquigley eaquigley modified the milestones: In Review - Dataverse 4.0, Beta 7 (Permissions & Auth Branch) - Dataverse 4.0 Sep 4, 2014
@eaquigley
Copy link
Contributor

Closing and any tickets for Shibboleth should now be opened individually.

@pdurbin
Copy link
Member Author

pdurbin commented Oct 20, 2014

Closing and any tickets for Shibboleth should now be opened individually.

Ok, I opened this one: Refactor Shibboleth code as ShibAuthenticationProvider #963

@pdurbin pdurbin removed their assignment Feb 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Type: Feature a feature request
Projects
None yet
Development

No branches or pull requests

3 participants