Thank you very much for the suggestion! Dne úterý 16. ledna 2018 14:41:34 UTC+1 Evgeni Dimitrov napsal(a): > > I have another system, which can authenticate some of the users. > > I coded a standalone application, which gets userId/password and asks that > system to authenticate. Then it calls DSpace and adds in the URL something > about belonging to some group. > > On the DSpace side I have something like the IPAuthentication. > > On Friday, January 12, 2018 at 4:24:44 PM UTC+2, Jakub Řihák wrote: >> >> Dear all, >> >> we would like to assing users to DSpace Role-Based groups authenticated >> with ShibAuthentication plugin using values from multiple Shibboleth >> headers, for example: >> >> - assign users with value of Affiliation attribute = 'student' and value >> of DisabledCategory attribute = 'A1' to predefined DSpace group >> 'DisableStudent' to provide access to digitized materials that can only be >> available for 'disabled students' >> >> - assign users with value of 'Affiliation attribute = 'member-1lf' and >> value of 'AffiliationRole' = studentCorrdinator to predefined DSpace group >> 'FacultyCoordinator1LF" to provide admin rights for DSpace collections to >> users based on their affiliation within the university and their role >> stored in our IdP >> >> etc. >> >> As far as I know, there is no way with current implementation of >> ShibbolethAuthentication plugin to take into account multiple Shibboleth >> headers and their values when assigning user to a Group after he's >> authenticated, am I right? ShibbolethAuthentication plugin seems to take >> into account only values from one Shibboleth Header defined in >> ShibAuthentication.cfg file. >> >> Could you perhaps tell me, if anyone tried to achieve something similar? >> >> As it is (hopefully) apparent from examples, we need far greater >> granularity when assigning authenticated users to DSpace groups. Right know >> we are discussing our possibilities: >> >> I think we have three possibilities: >> - 'calculate' correct user role based on multiple user attributes on the >> side of IdP and send send 'calculated dspace group' as a value of some >> Shibboleth Header the is defined in ShibAuthentication plugin (requires >> programming) >> >> - use a standalone program to fetch user attributes from IdP and >> preprocess them for DSpace ShibAuthentication plugin (requires programming) >> >> - modify ShibbolethAuthentication plugin in our DSpace instalation to >> look for values from multiple ShibHeaders and assign users to groups based >> on some newly programmed logic (requires programming as well) >> >> It would be very helpful to know, if there were some attempts to do this >> on the 'DSpace side' and/or if this would be a viable way how to improve >> DSpace Authentication Plugin. >> >> We are using DSpace 5.6, so it might be better to just wait for newer >> version of DSpace where this might be solved? >> >> Thank you for any answer or suggestion, >> with best regards, >> >> Jakub Řihák >> Charles University >> Prague, Czech Republic >> >
-- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
