On Thursday, October 4, 2018 at 4:29:42 AM UTC-4, Shaun Donovan wrote: > > I am struggling to write a SAML authentication plugin. I have tried to > make sense of the documentation regarding this, but cannot get it to work. > > Basically, I write an implementation of AuthenticationMethod, and > configure DSpace to use it. So far so good, I can see that my code is being > accessed when I click on "Login". The only code accessed is method > getSpecialGroups() and loginPageURL() > > However, the "authenticate" method is never called through the process, > and DSpace responds with "No Authentication Method Found" (if method > "loginPageUrl" returns null). > > If I set method "loginPageUrl" to return a string (for example > request.getContextPath() +"/saml-login"), I simply get a "Page Not Found", > so somewhere I am missing a mapping that tells the authentication process > to access my "authenticate" method through a different URL? > > In AuthenticationServiceImpl.java I see that the authentication process > iterates through the stackable list of AuthenticationMethods and calls > their "authenticate" method, but then why does it not call mine? > >
loginPageUrl() returns the URI for the page to which the user should be sent in order to collect credentials for validation. It could be a DSpace page (and you would need to create that page) or it could go off to some other service which eventually returns to DSpace (which seems likely for SAML). At some point, having authenticated the user's credentials, the specific authentication plugin will call AuthenticationService.authenticate() or .authenticateImplicit(), which calls authenticate() on all stacked 'AuthenticationMethod's. For example, here we have a plugin that returns a URI to our CAS service as loginPageUrl, adding the return-to-DSpace URI that CAS needs. The service bounces the user back to DSpace, adding a service ticket to the request. The return URI that we supply is mapped to an XMLUI Action we wrote, which validates the ticket, maps it to a DSpace EPerson, and calls AuthenticationService.authenticate(), which calls our AuthenticationMethod.authenticate() (and others'). So a complete authentication plugin has several parts: o an implementation of AuthenticationMethod; o UI code to collect user credentials (if needed); o UI code to validate a user's identity with a DSpace EPerson and call AuthenticationService to complete session creation. -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.