Authentication plugin (SAML)


merc

Sep 7, 2014, 1:39:08 PM
to omek...@googlegroups.com
Hello,

I will be implementing a SAML authentication solution for Omeka and was wondering if there was any existing guidance on developing authentication plugins for Omeka. Any tips, advice or useful documentation anyone can provide will be appreciated and save me some time in the implementation.

Regards,
Mike

Patrick Murray-John

Sep 8, 2014, 11:35:02 AM
to omek...@googlegroups.com
Mike,

We haven't worked with authentication plugins much here at the Center, but there's an LDAP plugin that you might look at.

Patrick
--
You received this message because you are subscribed to the Google Groups "Omeka Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to omeka-dev+...@googlegroups.com.
To post to this group, send email to omek...@googlegroups.com.
Visit this group at http://groups.google.com/group/omeka-dev.
For more options, visit https://groups.google.com/d/optout.

merc

Sep 8, 2014, 10:07:32 PM
to omek...@googlegroups.com
That is very helpful! Thanks Patrick!

Cillian Joy

Sep 12, 2014, 8:03:30 AM
to omek...@googlegroups.com
Hi Mike

Let us know how you get on with this project!

Regards,
Cillian

merc

Sep 17, 2014, 11:13:20 PM
to omek...@googlegroups.com
I am making good progress. I can log in a user via SAML by going to /users/login and log them out via /users/logout; once logged in I can go to /admin as an admin and everything works fine.

What I did is override the routes in my plugin for these two actions and put the SAML magic in there. I plan on overriding all of the UsersController actions with SAMLish behaviors.

I do have a problem though: when I go to /admin without being logged in, it redirects to /admin/users/login and goes into an endless loop. It never hits my loginAction in my custom controller.

I am trying to trace what is causing the redirect but not having any luck yet. I was wondering if anyone had any pointers on overriding the UsersController from the /admin pages in a plugin.

Thanks!
Michel

John Flatness

Sep 17, 2014, 11:24:19 PM
to omek...@googlegroups.com
There's a whitelist of module/controller/action names that Omeka uses to
decide which admin-side pages you can get to before you're logged in.

If you're using your own action for login, you'll need to add it to the
whitelist, with the admin_whitelist filter.

It might also be worth looking into whether you can do what you need to
do with just the login_form and login_adapter filters, which just alter
what the existing UsersController does without making you implement your
own. Those filters essentially let you replace the Zend_Form and
Zend_Auth_Adapter classes that get used to collect and process the auth
data. I'm not familiar enough with SAML to know if it truly needs its
own controller to do its thing, but if not, those filters could be an
easier option.

-John
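
An added illustration of the admin_whitelist filter described in the reply above, not code from the thread or from Omeka itself: a plugin class that exempts only its own pre-login actions from the admin login check. The plugin name, the module name `saml-login`, the controller `sso` and the actions `login` and `acs` are hypothetical.

```php
<?php
// Added example. Stub so the file also runs outside Omeka
// (php SamlLoginPlugin.php); inside Omeka the real base class is used.
if (!class_exists('Omeka_Plugin_AbstractPlugin')) {
    abstract class Omeka_Plugin_AbstractPlugin {}
}

class SamlLoginPlugin extends Omeka_Plugin_AbstractPlugin
{
    // Omeka maps the 'admin_whitelist' filter to filterAdminWhitelist().
    protected $_filters = array('admin_whitelist');

    // Hypothetical route parts for this plugin's own controller.
    const MODULE = 'saml-login';
    const CONTROLLER = 'sso';

    // Only the actions that must be reachable before a session exists:
    // the redirect to the identity provider and the endpoint that
    // receives its response. Everything else stays behind the login check.
    private static $preAuthActions = array('login', 'acs');

    public function filterAdminWhitelist($whitelist)
    {
        foreach (self::$preAuthActions as $action) {
            // Each entry names module, controller and action so the
            // exemption is scoped to this plugin's controller.
            $entry = array(
                'module'     => self::MODULE,
                'controller' => self::CONTROLLER,
                'action'     => $action,
            );
            if (!in_array($entry, $whitelist)) {
                $whitelist[] = $entry;
            }
        }
        return $whitelist;
    }
}

// Stand-alone demo with a constructed starting list (skipped inside Omeka).
if (PHP_SAPI === 'cli' && !defined('OMEKA_VERSION')) {
    $core = array(array('controller' => 'users', 'action' => 'login'));
    $plugin = new SamlLoginPlugin();
    print_r($plugin->filterAdminWhitelist($core));
}
```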

Michel Chamberland

Sep 17, 2014, 11:53:36 PM
to omek...@googlegroups.com
Thanks John, that did the trick!

I cannot use the filter because I have to redirect the user to a completely separate web site to login.



--
mer...@gmail.com

C|EH, C|HFI, GIAC G2700, TCNA, CCSK, MCTS, MCP 

Michel Chamberland

Sep 26, 2014, 9:29:30 PM
to omek...@googlegroups.com
Hello everyone,

I'd like to make the site require authentication for all pages. Is there an easy way to do so in Omeka? I was thinking of doing it through define_acl but have not been successful yet...

Thanks again!
Michel

Patrick Murray-John

Sep 27, 2014, 5:49:30 PM
to omek...@googlegroups.com
Something in define_acl seems like a way to go. Could you post or link to the code you tried?

Sometimes, for complex situations, a new class that implements Zend_Acl_Assert_Interface is needed.

You might also peek around in the GuestUser plugin for different ways to restrict access.

Patrick
