Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dartmouth-dltg/aspace-omniauth-cas
An ArchivesSpace plugin to provide OmniAuth/CAS single-sign-on authentication.
https://github.com/dartmouth-dltg/aspace-omniauth-cas
Last synced: 22 days ago
JSON representation
An ArchivesSpace plugin to provide OmniAuth/CAS single-sign-on authentication.
- Host: GitHub
- URL: https://github.com/dartmouth-dltg/aspace-omniauth-cas
- Owner: dartmouth-dltg
- License: other
- Created: 2015-09-25T20:17:37.000Z (almost 9 years ago)
- Default Branch: main
- Last Pushed: 2024-03-06T18:54:21.000Z (4 months ago)
- Last Synced: 2024-04-17T01:56:02.352Z (3 months ago)
- Language: Ruby
- Size: 60.5 KB
- Stars: 2
- Watchers: 6
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: COPYING
Lists
- awesome-archivesspace - ArchivesSpace authentication with OmniAuth/CAS - sign-on authentication. (Plug-ins / Authentication)
README
ArchivesSpace authentication with OmniAuth/CAS
==================================Getting started
-------------Download and unpack the latest release of the plugin into your
ArchivesSpace plugins directory:```
$ curl ...
$ cd /path/to/archivesspace/plugins
$ unzip ...
```Initialize the `omniauthCas` plugin (this will download the gems
needed by the plugin):```
# For Linux/OSX
$ scripts/initialize-plugin.sh aspace-omniauth-cas
# For Windows
% scripts\initialize-plugin.bat aspace-omniauth-cas
```Configure the plugin by adding the following to your ArchivesSpace
configuration file (`config/config.rb`), modified as appropriate to
your local situation:```
AppConfig[:omniauthCas] = {
:provider => {
:url => 'https://',
:login_url => '/cas/login',
:service_validate_url => '/cas/serviceValidate',
:uid_key => '',
:host => '',
:ssl => true,
},
:frontendUidProc => lambda { |hash| ... },
:backendUidProc => lambda { |hash| ... },
:backendEmailProc => lambda { |hash| ... },
:logoutUrlPath => '',
# :initialUser => {
# :username => '',
# :name => '/omniauthCas` endpoint in
`backend/controller/users.rb`).When the `/users//omniauthCas` endpoint (in
`backend/controller/users.rb`) is invoked, it verifies that the user
that authenticated to the frontend is a valid ArchivesSpace user
before using the OmniAuth/CAS machinery to validate the pristine CAS
ticket. If successful, the user's information in ArchivesSpace (name,
email) are updated from the CAS payload, and then a session is created
for the user and returned to the frontend.A CAS proxy ticket might be better used than the ticket generation in
the frontend `OacSessionController#second` method, above, but lacking
specific support in OmniAuth/CAS for that part of the protocol, the
above seemed most workable.Eric J. Bivona ()
Digital Library Technologies Group
Dartmouth College Library---