Good morning, We are exploring the use of XACML policies to require authentication on the disseminations of particular datastreams, to fulfill a project requirement that some kinds of content will require that the viewer be authenticated via our campus LDAP directory.
To get started, I have created some sample XACML policies that successfully enforce the requirement of a particular "fedoraRole" in order to view a data stream with a particular ID, but I've found that if the user is not already authenticated when they request the datastream content URL, they don't get prompted to authenticate, but rather just get an empty page with a 401 HTTP status. If the user is already authenticated from a different request in the Fedora web UI, then the content gets served up correctly. I've seen how to require authentication for ALL API-A requests, but that's not what we want either, because ultimately I think the vast majority of objects in our repository will be public, and should not require any authentication. If anyone has advice on this, it would be much appreciated. Thanks, Paul -- Paul Grotevant, Senior Software Developer/Analyst University of Texas Libraries / IT Architecture and Strategy [email protected] 512-495-4374
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
