[Building Sakai] How to CASifying WebDAV access

Matthew Jones matthew at longsight.com
Sat Jan 19 10:03:45 PST 2013 

Well, it would depend on which SSO you're using, but I think you'd want to
exclude the /dav path from being protected by the SSO
Like for Shibboleth and Apache. Most SSO's have some option like this.

But yea, none of the webdav clients support SSO and it's not in the webdav
protocol.  SSO requires things like cookies and sessions and webdav is just
basic auth or digest with the plain password.

There were some attempts to create a better UI for resources so that webdav
wouldn't be needed, but this hasn't happened yet.

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig

  <Location /dav>
  AuthType Shibboleth
  ShibRequestSetting requireSession false
  Require Shibboleth
  </Location>




On Sat, Jan 19, 2013 at 7:54 AM, 高珺 <gaojun at fudan.edu.cn> wrote:

>  Thanks Matthew,
>
> Actually, we have LDAP provider, and I modified the WebDAV servlet to
> communicate the LDAP server.
>
> It works fine except losting the SSO feature.
>
> 于 2013年01月19日 12:25, Matthew Jones 写道:
>
> We've talked about this a little, and basically what you'd have to do is
> have the resources page generate a temporary single use password that
> someone could copy and paste into their webdav client from the Resources if
> they were logged in via CAS. Quite a bit of dev work would be involved in
> this.
>
>  Or you'd have to use a an existing provider (like LDAP) or some new
> custom one that can also do a validation of the users password directly
> from the Sakai server as well as on the CAS front-end.
>
>
> On Wed, Jan 16, 2013 at 8:07 PM, Sam Ottenhoff <ottenhoff at longsight.com>wrote:
>
>> WebDAV authentication is direct.  WebDAV clients cannot direct a user to
>> a third-party login screen (CAS or Shibboleth).  There is no method to make
>> WebDAV work with CAS.
>>
>>  --Sam
>>
>>
>> On Wed, Jan 16, 2013 at 7:40 PM, 高珺 <gaojun at fudan.edu.cn> wrote:
>>
>>> Dear all,
>>>
>>> According to [1], I sucessfuly made the Sakai work with CAS. Yet, the
>>> WebDAV still use the internal password to authorize user.
>>>
>>> May be I can modify the org.sakaiproject.dav.DavServlet, but I think
>>> it's ugly to do so.
>>>
>>> Is there any good idear to make WebDAV work with CAS?
>>>
>>>
>>> [1]
>>>
>>> https://confluence.sakaiproject.org/display/~steve.swinsburg/CASifying+Sakai+with+CAS+3<https://confluence.sakaiproject.org/display/%7Esteve.swinsburg/CASifying+Sakai+with+CAS+3>
>>>
>>> --
>>> Gao Jun
>>> Fudan University
>>>
>>>
>>> _______________________________________________
>>> sakai-dev mailing list
>>> sakai-dev at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>
>>> TO UNSUBSCRIBE: send email to
>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>> "unsubscribe"
>>>
>>
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to
>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>
>
>
> --
> Gao Jun
> Fudan University
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130119/f2241deb/attachment.html

More information about the sakai-dev mailing list