grouper-users - Re: [grouper-users] central authentication/authorization

Subject: Grouper Users - Open Discussion List

  • From: Kathryn Huxtable <>
  • To: <>, <>
  • Subject: Re: [grouper-users] central authentication/authorization
  • Date: Thu, 22 Jun 2006 10:54:14 -0500

I would start with Michael Gettes. -K


On 6/22/06 9:50 AM, "" <> wrote:

> Gavril,
>
> Rather than connecting applications directly to your LDAP server(s) (the
> multiplicity of them possibly being an issue here), a better solution would
> be to use a campus-wide authentication service - which might be based on
> CAS, PubCookie or several other open source or proprietary products.
>
> Better still would be to enable your applications as Shibboleth
> Service-Providers (using your campus-wide Shibboleth Identity-Provider
> service, which in turn should use a campus authentication service), then you
> have an extra level of indirection, and the ability to map user attributes
> that are maintained in the LDAP(s) to attributes your applications will use
> to base authorisation decisions on.
>
> This is the sort of access management architecture in which (I think)
> Grouper is designed to work best. It may also make it easier for you to use
> related tools like Signet, to manage authorisation permissions centrally.
>
> I also think you have people at Duke (but I'm not sure who right now) who
> are actively involved in implementing Grouper, Signet, Shibboleth and the
> architectures around them. They should be awake fairly soon now ;->
>
> John Paschoud
> InfoSystems Engineer
> LSE Library
> London School of Economics & Political Science, UK
>
> ________________________________
>
> From: [mailto:]
> Sent: Thu 22/06/06 14:19
> To:
> Subject: [grouper-users] central authentication/authorization
>
> Hi,
>
> I am an Analyst/Programmer in the Press Department at Duke University. I
> am familiar with Java and LDAP.
>
> I am wondering whether it is possible to use our campus-wide
> authentication credentials for some of our newly developed web
> applications (department level)? (in other words the same userid and
> password). This will require access to the University LDAP server in
> order to validate against the attributes centrally stored. Is it
> realistic to ask for access to that server and to embed in our
> departmental applications the necessary authentication procedures? Which
> would be the steps to follow in order to implement a single sign-on
> procedure? I should be able to get server information and an account to
> access it?
>
> I appreciate your feedback on this,
>
> Thank you,
>
> Gavril
>
>
