You are viewing the PKP Support Forum | PKP Home Wiki

Observations about Adding Implicit Authentication to OJS

OJS development discussion, enhancement requests, third-party patches and plug-ins.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
Developer Resources:

Documentation: The OJS Technical Reference and the OJS API Reference are both available from the OJS Documentation page.

Git: You can access our public Git Repository here. Comprehensive Git usage instructions are available on the wiki.

Bugzilla: You can access our Bugzilla report tracker here.

Search: You can use our Google Custom Search to search across our main website, the support forum, and Bugzilla.

Questions and discussion are welcome, but if you have a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a technical support question, try the OJS Technical Support subforum.

Observations about Adding Implicit Authentication to OJS

Postby dgalewsky » Tue Mar 04, 2008 3:29 pm

I have been studying the OJS code and architecture a bit more today with an eye toward adding support for implicit/Shibboleth authentication.

I have come to a couple of conclusions about the implications of implicit authentication and I wanted to see if anyone had any comments or concerns.

* With OJS with implicit/Shibboleth authentication, users (other than the admin user) will be created automatically when they first log in to the system.
* The authentication information passed in will *not* contain any application specific data (like a journal of interest).
* When a user is first automatically created - they will not be associated with a journal. The user will have to go add that relationship.
* No screen will exist where users can be created. All users will be created by the act of their logging in to OJS. Not even the OJS administrative user can create OJS users (we may have a work around for this one).
* There will be no password fields anywhere in the Shibboleth version of OJS. There will be no additional authentication when a user registers with a journal.
* Since we have to create users automatically - we will probably use email address as username. Email address may become a read-only field.

If anyone has comments about the validity of these conclusions - I would be very interested in hearing them.

--Dan Galewsky
Texas Digital Library
University of Texas at Austin
Posts: 3
Joined: Mon Mar 03, 2008 2:55 pm

Re: Observations about Adding Implicit Authentication to OJS

Postby asmecher » Wed Mar 05, 2008 5:29 pm

Hi Dan,

I'm not familiar with Shibboleth beyond a conceptual level, but from the PKP perspective, your notes look entirely reasonable to me. Is it typical for Shibboleth-capable apps to use email addresses instead of usernames? If you're able to keep the modifications clean and unobstructive for existing non-Shibboleth users, I'd be amenable to adding this into the core, but if I had my druthers, I'd suggest using the auth plugin framework (and beefing it up as needed for the task).

I'd be happy to help with any specific questions you have about potential approaches.

Alec Smecher
Public Knowledge Project Team
Posts: 9922
Joined: Wed Aug 10, 2005 12:56 pm

Return to OJS Development

Who is online

Users browsing this forum: Bing [Bot] and 2 guests