[Building Sakai] User account integration

Kevin P. Foote kpfoote at iup.edu
Wed Jul 7 08:32:27 PDT 2010


Brandon .. 

I'm coming in late on this thread, and don't want to catch up..... 
But yes you can authN through a SP such as the Shibboleth SP or simpleSAML SP.
What you're after is container auth.. here I believe. 

In a sakai setup I've had apache w/shibboleth-sp providing authN to
sakai running in tomcat.. works fine. I don't think you'll need a 'custom
UserDirectoryProvider' .. at least I don't recall doing that.

Troll the list archive. It's in there..

You will have to be familiar with configuring your simpleSAML-sp ..
(which I am not).

------
thanks
  kevin.foote

On Wed, 7 Jul 2010, Brandon Davie wrote:

-> Hi Steve,
-> 
-> Thanks for the information. Is there any documentation regarding
-> implementing a custom UserDirectoryProvider? I've looked within the
-> Programmer's Café and haven't found anything substantial.
-> 
-> Our plans have changed (yet again), though. It looks like we implemented a
-> SAML based auth service and would like to offload all authentication to it.
-> Ideally Sakai would perform the auth request and log in the user (creating a
-> local account if necessary) or otherwise redirect to the identity provider's
-> login to allow the user to sign in and be redirected back to Sakai. I
-> imagine this would be easier to set up within Sakai than writing a custom
-> UserDirectoryProvider to handle the auth locally.  Any tips or documentation
-> on that?
-> 
-> We are actually using a slightly customized version of simpleSAMLphp if that
-> helps. 
-> 
-> Thanks!
-> 
-> Brandon Davie
-> Programmer
-> The Schools of McKeel Academy
-> (863) 499 2818 EXT 222
-> 
-> 
-> 
-> From: Steve Swinsburg <steve.swinsburg at gmail.com>
-> Date: Sat, 3 Jul 2010 19:05:53 +1000
-> To: Brandon Davie <brandondavie at mckeelacademy.com>
-> Cc: <sakai-dev at collab.sakaiproject.org>
-> Subject: Re: [Building Sakai] User account integration
-> 
-> Hi Brandon,
-> 
-> Take a look at the providers module in the source of Sakai. This is where
-> the LDAP/Kerberos providers reside. You could create a new provider that
-> talks to your database by implementing UserDirectoryProvider and optionally
-> ExternalUserSearchUDP. This provider will then 'provide' the account details
-> to Sakai, ie name, email etc.
-> 
-> For SSO, I'd recommend CAS. You would set this up at your institution and
-> configure CAS to talk to the same database to get the user information. Then
-> configure Sakai to offload its authentication to CAS:
-> http://confluence.sakaiproject.org/display/~steve.swinsburg/CASifying+Sakai
-> 
-> cheers,
-> Steve
-> 
-> On 03/07/2010, at 1:30 AM, Brandon Davie wrote:
-> 
-> > Hello,
-> > 
-> > I'm looking to use an external MySQL database to authenticate users in Sakai
-> > 2.7. Password and certain profile changes (i.e., first & last names) done from
-> > within Sakai also need to filter over to this MySQL database. Any pointers?
-> > I've done some searching and found articles on how to implement LDAP or CAS,
-> > but nothing along these lines. I'm new to Sakai so please be patient with me
-> > ;-) 
-> > 
-> > A secondary objective would be to support SSO, including signing the user into
-> > Sakai if they sign in elsewhere, sign out of Sakai if they sign out elsewhere,
-> > sign in to other resources if they sign into Sakai, and sign out of other
-> > resources if they sign out of Sakai.
-> > 
-> > Thanks! 
-> > 
-> > Brandon Davie
-> > Programmer
-> > The Schools of McKeel Academy
-> > (863) 499 2818 EXT 222
-> > _______________________________________________
-> > sakai-dev mailing list
-> > sakai-dev at collab.sakaiproject.org
-> > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
-> > 
-> > TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
-> > with a subject of "unsubscribe"
-> 
-> 
-> 
-> 

