Initial external authentication support via proxy
author Dan Wells <dbw2@calvin.edu>
Thu, 3 Nov 2011 18:17:24 +0000 (14:17 -0400)
committer Dan Wells <dbw2@calvin.edu>
Sat, 10 Mar 2012 02:51:39 +0000 (21:51 -0500)
commit 785c0ae815b547ad36b0876707ad8b95ea5eebce
tree 5f32f7f4ef868d88f809c11e5af5aab186071818
parent f99e8feb43bf0df1f100016aa01f57fcbabd0bed
Initial external authentication support via proxy

This is the initial commit to support an authentication proxy module
to facilitate external authentication.  It is a work in progress.

What it does so far:
  - Optionally redirects all JSOPAC login requests over SSL by building
    on the 'forceLoginSSL' configuration bool (you MUST enable this
    option for proper use of the auth proxy)
  - Provides a basic plug-in framework for external authentication
    implementations, including configuration options for segregating
    authenticators based on login type or org_unit
  - Allows for multiple cascading authentication tests, including
    simultaneous support for external and internal (EG 'native')
    authentication
  - Provides a 'master switch' to easily revert to using the native EG
    authentication routines only
  - Includes an example LDAP plug-in which supports bind-style auth
    checks

Biggest outstanding known needs:
  - TTOPAC integration, including SSL redirection
  - Tying of login attempts to current brute-force prevention setup
  - Treatment of end-user 'change password' interfaces
  - Support TT/Conifer style authentication prompt

Missing but desirable feature:
  - Allow for manual selection of authenticator by end-user, including
    localization support

Signed-off-by: Dan Wells <dbw2@calvin.edu>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
13 files changed:
Open-ILS/examples/opensrf.xml.example
Open-ILS/examples/opensrf_core.xml.example
Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm [new file with mode: 0644]
Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy/AuthBase.pm [new file with mode: 0644]
Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy/LDAP_Auth.pm [new file with mode: 0644]
Open-ILS/web/opac/common/js/config.js
Open-ILS/web/opac/common/js/init.js
Open-ILS/web/opac/common/js/opac_utils.js
Open-ILS/web/opac/common/js/utils.js
Open-ILS/web/opac/skin/default/js/rdetail.js
Open-ILS/web/opac/skin/default/js/sidebar.js
Open-ILS/xul/staff_client/chrome/content/auth/session.js
Open-ILS/xul/staff_client/chrome/content/main/constants.js