grouper-users - Re: [grouper-users] central authentication/authorization

Subject: Grouper Users - Open Discussion List

  • From: Kathryn Huxtable <>
  • To: <>, <>
  • Subject: Re: [grouper-users] central authentication/authorization
  • Date: Thu, 22 Jun 2006 10:54:14 -0500

I would start with Michael Gettes. -K

On 6/22/06 9:50 AM,


> Gavril,
> Rather than connecting applications directly to your LDAP server(s) (the
> multiplicity of them possibly being an issue here), a better solution would be
> to use a campus-wide authentication service - which might be based on CAS,
> PubCookie or several other open source or proprietary products.
> Better still would be to enable your applications as Shibboleth
> Service-Providers (using your campus-wide Shibboleth Identity-Provider
> service, which in turn should use a campus authentication service), then you
> have an extra level of indirection, and the ability to map user attributes
> that are maintained in the LDAP(s) to attributes your applications will use to
> base authorisation decisions on.
> This is the sort of access management architecture in which (I think) Grouper
> is designed to work best. It may also make it easier for you to use related
> tools like Signet, to manage authorisation permissions centrally.
> I also think you have people at Duke (but I'm not sure who right now) who are
> actively involved in implementing Grouper, Signet, Shibboleth and the
> architectures around them. They should be awake fairly soon now ;->
> John Paschoud
> InfoSystems Engineer
> LSE Library
> London School of Economics & Political Science, UK
> ________________________________
> From:
> [mailto:]
> Sent: Thu 22/06/06 14:19
> To:
> Subject: [grouper-users] central authentication/authorization
> Hi,
> I am an Analyst/Programmer in the Press Department at Duke University. I
> am familiar with Java and LDAP.
> I am wondering whether it is possible to use our campus-wide
> authentication credentials for some of our newly developed web
> applications (department level)? (in other words the same userid and
> password). This will require access to the University LDAP server in
> order to validate against the attributes centrally stored. Is it
> realistic to ask for access to that server and to embed in our
> departmental applications the necessary authentication procedures? Which
> would be the steps to follow in order to implement a single sign-on
> procedure? I should be able to get server information and an account to
> access it?
> I appreciate your feedback on this,
> Thank you,
> Gavril
