Observations about Adding Implicit Authentication to OJS

OJS development discussion, enhancement requests, third-party patches and plug-ins.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
The Public Knowledge Project Support Forum is moving to http://forum.pkp.sfu.ca

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.
Posts: 3
Joined: Mon Mar 03, 2008 2:55 pm

Observations about Adding Implicit Authentication to OJS

Postby dgalewsky » Tue Mar 04, 2008 3:29 pm

I have been studying the OJS code and architecture a bit more today with an eye toward adding support for implicit/Shibboleth authentication.

I have come to a couple of conclusions about the implications of implicit authentication and I wanted to see if anyone had any comments or concerns.

* With OJS with implicit/Shibboleth authentication, users (other than the admin user) will be created automatically when they first log in to the system.
* The authentication information passed in will *not* contain any application specific data (like a journal of interest).
* When a user is first automatically created - they will not be associated with a journal. The user will have to go add that relationship.
* No screen will exist where users can be created. All users will be created by the act of their logging in to OJS. Not even the OJS administrative user can create OJS users (we may have a work around for this one).
* There will be no password fields anywhere in the Shibboleth version of OJS. There will be no additional authentication when a user registers with a journal.
* Since we have to create users automatically - we will probably use email address as username. Email address may become a read-only field.

If anyone has comments about the validity of these conclusions - I would be very interested in hearing them.

--Dan Galewsky
Texas Digital Library
University of Texas at Austin

Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm

Re: Observations about Adding Implicit Authentication to OJS

Postby asmecher » Wed Mar 05, 2008 5:29 pm

Hi Dan,

I'm not familiar with Shibboleth beyond a conceptual level, but from the PKP perspective, your notes look entirely reasonable to me. Is it typical for Shibboleth-capable apps to use email addresses instead of usernames? If you're able to keep the modifications clean and unobstructive for existing non-Shibboleth users, I'd be amenable to adding this into the core, but if I had my druthers, I'd suggest using the auth plugin framework (and beefing it up as needed for the task).

I'd be happy to help with any specific questions you have about potential approaches.

Alec Smecher
Public Knowledge Project Team

Return to “OJS Development”

Who is online

Users browsing this forum: No registered users and 1 guest