Shibboleth/LDAP vs OJS native authentication

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
The Public Knowledge Project Support Forum is moving to

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.
Posts: 2
Joined: Wed May 07, 2014 7:37 am

Shibboleth/LDAP vs OJS native authentication

Postby jamesvanmil » Wed May 07, 2014 7:48 am


We're newly looking into OJS, and are interested in supporting authentication via our campus systems for local users, but also allowing account registration for anyone else. We've set up Shibboleth on our test instance of OJS, but there's no apparent way to configure the system to allow outside users to register or login. Are we missing something in the configuration?

From looking at the LDAP plugin documentation, I suspect that this is more straightforward, though we haven't tried to tackle LDAP implementation yet. Can anyone confirm that the scheme outlined above is easier with LDAP?


James Van Mil
Collections & Electronic Resources Librarian
University of Cincinnati Libraries

Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm

Re: Shibboleth/LDAP vs OJS native authentication

Postby asmecher » Wed May 07, 2014 8:11 am

Hi James,

Note that LDAP will provide shared credentials but not single sign-on. It's not broadly used and is not thoroughly maintained. Basically, we need someone with a practical use case and some coding experience to provide feedback and possibly help us maintain it.

Shibboleth was a third-party contribution and we don't have a test environment here to validate it. It may also need some dusting off. But as you've noted, I don't think it's comprehensive enough in its scope to include all users, e.g. editorial back-end accounts.

Both are documented at this wiki page.

The reason that this is such a sore point is that OJS requires good relational data storage for content attached to users: who reviewed what; who has what role; etc. This means it's necessary for OJS to maintain its own user database for the sake of maintaining a reliable audit trail for the journals. Having that database synchronize against a separate database of some sort introduces a lot of questions about how alignment should be maintained. We haven't managed to determine best practices here.

Alec Smecher
Public Knowledge Project Team

Posts: 2
Joined: Wed May 07, 2014 7:37 am

Re: Shibboleth/LDAP vs OJS native authentication

Postby jamesvanmil » Mon May 12, 2014 10:34 am

Thanks, Alec. This should help with our decision-making.

Return to “OJS Technical Support”

Who is online

Users browsing this forum: Google [Bot], Yahoo [Bot] and 1 guest