Dream Platform support #8

Open
derega opened this Issue Dec 18, 2015 · 1 comment


derega commented Dec 18, 2015

Dreamschool is based on Dream Platform. Dream UserDB should be added as external data source.


derega commented Feb 9, 2016

First version of this was merged in PR #1. It contains the minimum viable implementation.

This was updated on Dreamschool side this week.

Currently it works like this:

  • User comes in to the Dreamschool SP with SAML assertion from MPASS Auth Proxy
  • Assertion contains MPASS ID
  • If the MPASS ID is found in Dreamschool User Database:
    • User is logged in and everything works
  • User is not found:
    • DS UserDB makes an API query to MPASS Auth Data asking for possible external_id
    • If the response contains valid external_id:
      • The external_id in this case is DS UserDB user ID
      • MPASS ID is added for that user
      • user is logged in and everything works
    • Response does not contain valid external_id
      • This is previously unknown new user
      • Account is created automatically based on attributes in SAML assertion
      • Username is derived from MPASS ID
      • User is always teacher
      • User belongs to organisation named "ECA"

In all cases user is logged in and can use Dreamschool service.

There are still limitations. All users are teachers and they are all in single organisation. This is enough for demo purposes as this is not meant to be production ready yet. The main purpose is to allow testing of MPASS authentication.

There are two ways to use this implementation:

  1. Existing Dreamschool user uses MPASS to log in to Dreamschool using Dreamschool as authentication source.
  2. All users who have MPASS ID can automatically register new account and log in to Dreamschool.
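
The login decision flow described in the comment above, as an added example that is not part of the original issue or of the Dreamschool code: it uses in-memory stand-ins for DS UserDB and the MPASS Auth Data API, and all class, function and field names are hypothetical. It assumes a "valid" external_id is one that names an existing account with no MPASS ID linked yet, and that the username is the MPASS ID with a prefix.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class User:
    user_id: str
    username: str
    role: str
    organisation: str
    mpass_id: Optional[str] = None


class UserDB:
    """In-memory stand-in for DS UserDB (hypothetical names throughout)."""

    def __init__(self, users, auth_data_lookup: Callable[[str], Optional[str]]):
        self.users = {u.user_id: u for u in users}
        # Stand-in for the API query to MPASS Auth Data: mpass_id -> external_id
        self.auth_data_lookup = auth_data_lookup

    def by_mpass_id(self, mpass_id):
        return next((u for u in self.users.values() if u.mpass_id == mpass_id), None)

    def login(self, assertion):
        """Return (user, outcome) for an assertion the SP has already validated."""
        mpass_id = assertion["mpass_id"]
        user = self.by_mpass_id(mpass_id)
        if user:
            return user, "known"
        external_id = self.auth_data_lookup(mpass_id)
        candidate = self.users.get(external_id) if external_id else None
        # Assumption: valid = existing account that has no MPASS ID linked yet
        if candidate and candidate.mpass_id is None:
            candidate.mpass_id = mpass_id
            return candidate, "linked"
        # Previously unknown user: always a teacher in organisation "ECA"
        username = "mpass_" + mpass_id  # assumed derivation from MPASS ID
        user = User(username, username, "teacher", "ECA", mpass_id)
        self.users[user.user_id] = user
        return user, "created"


def demo():
    # Constructed sample data: external_id "999" does not exist in the UserDB
    auth_data = {"MPASS-A": "42", "MPASS-B": "999"}
    db = UserDB([User("42", "alice", "teacher", "ECA")], auth_data.get)
    ids = ["MPASS-A", "MPASS-A", "MPASS-B", "MPASS-C"]
    return [db.login({"mpass_id": i})[1] for i in ids]
```
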