Shibboleth integration #697

Closed
wants to merge 22 commits into from

Contributor

@helenst helenst commented Aug 2, 2017

For #666 - adds optional Shibboleth authentication via headers sent from web server. Originally from JiscRDSS.

Goes with artefactual/archivematica-storage-service#210

Currently based against the wrong branch, so not ready to merge yet, will rebase when #696 is merged.

sevein and others added 22 commits August 1, 2017 18:50
* Auto creates user based on info received in configured X-Shib headers
* Auto logs in existing user if matches X-Shib-User header
* Works with ConfigurationCheckMiddleware for auto login

Limitations:
* Usernames still limited to 30 characters
* Does not hook into login/logout URLs yet
Probably will need some refinement once it can be integrated with SP/IdP

* For now, just replace existing login with Shibboleth. Could be made
  to work alongside existing login if necessary.
* Insert 'logged out' message page to prevent bouncing straight back to
  login.
* Users cannot edit fields (these are sent by Shibboleth, and will
  be overwritten on next login if changed).
* Users cannot change password.
* Profile page is now a listing of user details, and regen api key form
* Admins still can do all of this for a user.

Lets Django app know we're behind an SSL connection

Ensure the 'welcome' screen still happens, but is triggered by the
presence of a uuid rather than the existence of any users (since
with Shibboleth auth, there will always be a user at that point).

Welcome form now only takes in organisational info, and doesn't do
anything around user creation. It will still do important things like
generate the UUID.

Need to set up uuid so welcome screen doesn't break client tests
(It shouldn't be triggered for Shibboleth users as non-exempt
URLs will be prevented from anonymous access by nginx)

This is controlled by settings.
Will only attempt user creation (or show the form) if there are no
existing users
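
The header-driven login described in the commit messages above, as an added sketch that is not code from this pull request: a dict stands in for the Django user table, and every header name other than X-Shib-User is an assumed placeholder. Rejecting over-long usernames instead of truncating them is a choice made here, because truncation could map two identities onto one account.

```python
# Added illustration; not code from this pull request.
MAX_USERNAME_LEN = 30  # limit stated in the commit message

# WSGI/Django expose request headers as HTTP_* keys. Only X-Shib-User is
# named on the page; the other header names are assumptions.
SHIB_HEADER_MAP = {
    "HTTP_X_SHIB_USER": "username",
    "HTTP_X_SHIB_GIVEN_NAME": "first_name",  # assumed name
    "HTTP_X_SHIB_SN": "last_name",           # assumed name
    "HTTP_X_SHIB_MAIL": "email",             # assumed name
}


class UsernameTooLong(ValueError):
    """Raised instead of truncating, which could merge two identities."""


def parse_shib_headers(environ):
    """Return user fields from the headers, or None if no user header is set."""
    fields = {}
    for key, field in SHIB_HEADER_MAP.items():
        value = environ.get(key, "").strip()
        if value:
            fields[field] = value
    username = fields.get("username")
    if not username:
        return None
    if len(username) > MAX_USERNAME_LEN:
        raise UsernameTooLong(username)
    return fields


def authenticate(environ, users):
    """Log in the matching user, creating the record on first sight.

    `users` maps username -> fields and stands in for the user table.
    Returns (user_fields, created), or (None, False) for an anonymous request.
    """
    fields = parse_shib_headers(environ)
    if fields is None:
        return None, False
    created = fields["username"] not in users
    user = users.setdefault(fields["username"], {})
    # Header values win on every login, so local edits do not persist.
    user.update(fields)
    return user, created
```

This only makes sense when the web server in front of the application is the sole source of these headers.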
@qubot qubot force-pushed the dev/fix-migration branch 3 times, most recently from 764dc9a to 9198655 Compare August 3, 2017 00:07
@qubot qubot closed this Aug 3, 2017
@helenst helenst mentioned this pull request Aug 3, 2017
@sevein sevein changed the title [WIP] Shibboleth integration Shibboleth integration Aug 8, 2017

3 participants