Ok, I'm replying to myself with some little advances.

This snippet is used in the authenticate function of CAS, when eperson ==
null and the cas.autoregister option is false:

+                    else
+                    {
+                        // No auto-registration for valid netid
+                        log.warn(LogManager.getHeader(context, "authenticate",
+                                       netid+"  type=netid_but_no_record, 
cannot
auto-register"));
+                        return NO_SUCH_USER;
+                    }
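
Review bot: in the log.warn call of this else branch, netid is concatenated directly in front of "  type=netid_but_no_record" with no field name, so the value runs into the rest of the message and a netid containing spaces or commas cannot be separated from it when the log is parsed. Consider "netid=" + netid + ", type=netid_but_no_record, cannot auto-register". The comment "No auto-registration for valid netid" could also name the cas.autoregister option that selects this branch, since returning NO_SUCH_USER for a netid that was already validated is not obvious to a reader.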

I see similar logic is in Shibboleth or LDAP authentication methods, but I
don't get the point of it. Does that mean that if autoregister option is
set to false and they don't have stored credentials as EPerson in the DB,
users shouldn't be able to login? Then what's the autoregister option for,
as it should always be set to true in order to work?

If I replace NO_SUCH_USER by SUCCESS, I see that I get correctly
authenticated vs. CAS only once, but DSpace shows the AuthenticationFail
error. The question is: What steps would be necessary to create a one-time
session for the authenticated user without storing their credentials in the
DSpace DB?

I'm really stuck here, any help would be very much appreciated!

Regards.


2013/5/18 Alumno Etsii <todos.somos...@gmail.com>

> Hi all!
>
> I'm trying to adapt a CAS solution I found on JIRA (
> https://jira.duraspace.org/browse/DS-1028) and I'm having problems
> authenticating without auto-registering.
>
> There's a boolean parameter in the .cfg determining whether to auto-register
> the user or not after logging in; if it's set to true, I was able to
> arrange it to work with current version correctly. But if the parameter is
> set to false, all the authenticate function does is to return NO_SUCH_USER,
> as you can see in the proposed code.
>
> Practically, integrating this with CAS means that the user identifies once
> vs. CAS, but I don't know why, after it DSpace tries to validate him again
> and that's an error (as a CAS ticket can be validated just once). The
> question is: why does DSpace keep trying to validate the user when the user
> once validated itself and the result was successful? I tried to change
> NO_SUCH_USER to SUCCESS, but the same happens.
>
> Another question is: Is it even possible to create a session for a user
> without creating the eperson registry in the DB? What objects would be
> needed to set for that, just EPerson?
>
> Thanks so much for your help!
>