Single-Sign On

[DevOps Pro]

Has anyone ever integrated Atom& Archivematica with Single-Sign on using Shiboleth or any other single-sign on components. 

[DevOps Pro]

Is it possible that it can be setup and configured for ADFS or SiteMinder authentication with single sign on? 

[Dan Gillean]

Hi there, 

The CENDARI project created a Shibboleth plugin some time ago, but as far as I'm aware, it has not been maintained, and the last known version it worked with was release 2.3. One user in the forum told us that with a few configuration changes, he was able to get it working on 2.4.1 - thread here. You can find some details about the plugin on our wiki, here: 

• https://wiki.accesstomemory.org/Community/Community_resources/Development#CENDARI_Shibboleth_authentication_plugin
  

In the public project, AtoM has limited (and currently undocumented) existing support for LDAP, and release 2.7 will also have basic support for a plugin that uses the CAS (2.0 or 3.0) protocol for authentication. These already provide some SSO-like functionality, and even if they won't directly meet your needs, might provide good guidance as a reference for how you can implement further types of protocols. At present I'm not personally aware of other community implementations, though they may exist! 

Unfortunately I never had a chance to test and document the LDAP feature during development so it's not currently in the official documentation, but the ticket provides configuration details: 

• https://projects.artefactual.com/issues/9765
  

The documentation for the CAS-based authentication has already been added to the 2.7 documentation branch. See it here: 

• https://www.accesstomemory.org/docs/2.7/admin-manual/customization/authentication/#cas-enabling

I believe that with some modification, the LDAP integration may work with ActiveDirectory. I'm not familiar with SiteMinder, but I suspect that development will be required to support integration. 

Good luck, and let us know how it goes! 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056

@accesstomemory

he / him

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/b3004734-5696-4056-a01a-8d5d46bb59edn%40googlegroups.com.