https://github.com/dartmouth-dltg/aspace-omniauth-cas

An ArchivesSpace plugin to provide OmniAuth/CAS single-sign-on authentication.

ArchivesSpace authentication with OmniAuth/CAS
==================================

Getting started
-------------

Download and unpack the latest release of the plugin into your
ArchivesSpace plugins directory:

```
$ curl ...
$ cd /path/to/archivesspace/plugins
$ unzip ...
```

Initialize the `omniauthCas` plugin (this will download the gems
needed by the plugin):

```
# For Linux/OSX
$ scripts/initialize-plugin.sh aspace-omniauth-cas

# For Windows
% scripts\initialize-plugin.bat aspace-omniauth-cas
```

Configure the plugin by adding the following to your ArchivesSpace
configuration file (`config/config.rb`), modified as appropriate to
your local situation:

```
AppConfig[:omniauthCas] = {
  :provider => {
    :url => 'https://',
    :login_url => '/cas/login',
    :service_validate_url => '/cas/serviceValidate',
    :uid_key => '',
    :host => '',
    :ssl => true,
  },
  :frontendUidProc => lambda { |hash| ... },
  :backendUidProc => lambda { |hash| ... },
  :backendEmailProc => lambda { |hash| ... },
  :logoutUrlPath => '',
# :initialUser => {
#   :username => '',
#   :name => '
```

[...] `/omniauthCas` endpoint in
`backend/controller/users.rb`).

When the `/users//omniauthCas` endpoint (in
`backend/controller/users.rb`) is invoked, it verifies that the user
who authenticated to the frontend is a valid ArchivesSpace user
before using the OmniAuth/CAS machinery to validate the pristine CAS
ticket. If validation succeeds, the user's information in ArchivesSpace
(name, email) is updated from the CAS payload, and then a session is
created for the user and returned to the frontend.
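
As an added illustration (not the plugin's own code), the Ruby example below shows the kind of check this backend step depends on: parsing a CAS 2.0 `serviceValidate` response, accepting only a single clean success, and refusing a ticket that validated for a different user than the request named. The proc bodies, the shape of the hash they receive, the username comparison and the sample XML are all assumptions constructed for this example.

```ruby
require 'rexml/document'

CAS_NS = { 'cas' => 'http://www.yale.edu/tp/cas' } # CAS 2.0 XML namespace
class CasValidationError < StandardError; end

# Hypothetical stand-ins for :backendUidProc / :backendEmailProc; the shape
# of the hash they receive is an assumption of this example.
BACKEND_UID_PROC   = lambda { |hash| hash['user'].downcase }
BACKEND_EMAIL_PROC = lambda { |hash| hash['mail'] }

# Constructed sample responses (not captured from a real CAS server).
SAMPLE_SUCCESS = <<~XML
  <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
    <cas:authenticationSuccess>
      <cas:user>JDoe</cas:user>
      <cas:attributes><cas:mail>jdoe@example.edu</cas:mail></cas:attributes>
    </cas:authenticationSuccess>
  </cas:serviceResponse>
XML
SAMPLE_FAILURE = <<~XML
  <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
    <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1 not recognized</cas:authenticationFailure>
  </cas:serviceResponse>
XML

# Turn a serviceValidate body into a hash; raise unless it is one clean success.
def parse_service_validate(xml)
  doc = REXML::Document.new(xml)
  failure = REXML::XPath.first(doc, '/cas:serviceResponse/cas:authenticationFailure', CAS_NS)
  raise CasValidationError, "#{failure.attributes['code']}: #{failure.text.to_s.strip}" if failure

  success = REXML::XPath.match(doc, '/cas:serviceResponse/cas:authenticationSuccess', CAS_NS)
  raise CasValidationError, 'expected exactly one authenticationSuccess' unless success.size == 1
  users = REXML::XPath.match(success.first, 'cas:user', CAS_NS)
  uid = users.size == 1 ? users.first.text.to_s.strip : ''
  raise CasValidationError, 'expected exactly one non-empty cas:user' if uid.empty?

  hash = { 'user' => uid }
  REXML::XPath.each(success.first, 'cas:attributes/*', CAS_NS) { |el| hash[el.name] = el.text.to_s.strip }
  hash
end

# Refuse a ticket that validated for a different user than the request named.
def identity_for(requested_username, xml)
  hash = parse_service_validate(xml)
  uid = BACKEND_UID_PROC.call(hash)
  raise CasValidationError, 'ticket validated for a different user' unless uid == requested_username

  { username: uid, email: BACKEND_EMAIL_PROC.call(hash) }
end
```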

Using a CAS proxy ticket might be better than the ticket generation in
the frontend `OacSessionController#second` method, above, but lacking
specific support in OmniAuth/CAS for that part of the protocol, the
approach above seemed the most workable.

Eric J. Bivona
Digital Library Technologies Group
Dartmouth College Library

---