OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



Shibboleth/LDAP vs OJS native authentication

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
What to do if you have a technical problem with OJS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a development question, try the OJS Development subforum.

Shibboleth/LDAP vs OJS native authentication

Postby jamesvanmil » Wed May 07, 2014 7:48 am

Hi,

We're newly looking into OJS, and are interested in supporting authentication via our campus systems for local users, but also allowing account registration for anyone else. We've set up Shibboleth on our test instance of OJS, but there's no apparent way to configure the system to allow outside users to register or login. Are we missing something in the configuration?

From looking at the LDAP plugin documentation, I suspect that this is more straightforward, though we haven't tried to tackle LDAP implementation yet. Can anyone confirm that the scheme outlined above is easier with LDAP?

Thanks,
James

James Van Mil
Collections & Electronic Resources Librarian
University of Cincinnati Libraries
jamesvanmil
 
Posts: 2
Joined: Wed May 07, 2014 7:37 am

Re: Shibboleth/LDAP vs OJS native authentication

Postby asmecher » Wed May 07, 2014 8:11 am

Hi James,

Note that LDAP will provide shared credentials but not single sign-on. It's not broadly used and is not thoroughly maintained. Basically, we need someone with a practical use case and some coding experience to provide feedback and possibly help us maintain it.

Shibboleth was a third-party contribution and we don't have a test environment here to validate it. It may also need some dusting off. But as you've noted, I don't think it's comprehensive enough in its scope to include all users, e.g. editorial back-end accounts.

Both are documented at this wiki page.

The reason that this is such a sore point is that OJS requires good relational data storage for content attached to users: who reviewed what; who has what role; etc. This means it's necessary for OJS to maintain its own user database for the sake of maintaining a reliable audit trail for the journals. Having that database synchronize against a separate database of some sort introduces a lot of questions about how alignment should be maintained. We haven't managed to determine best practices here.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8674
Joined: Wed Aug 10, 2005 12:56 pm

Re: Shibboleth/LDAP vs OJS native authentication

Postby jamesvanmil » Mon May 12, 2014 10:34 am

Thanks, Alec. This should help with our decision-making.
jamesvanmil
 
Posts: 2
Joined: Wed May 07, 2014 7:37 am


Return to OJS Technical Support

Who is online

Users browsing this forum: No registered users and 7 guests