[Catalyst] Catalyst and Shibboleth authentication

Ashley apv at sedition.com
Sat Mar 15 18:00:32 GMT 2008


On Mar 15, 2008, at 10:22 AM, Alex Povolotsky wrote:
> Mike Whitaker wrote:
>> On 14 Mar 2008, at 19:00, Kirby Krueger wrote:
>>
>>> Greetings,
>>>
>>> I'm writing a new web application, and have decided to jump into  
>>> Catalyst (because I am smart.)
>>>
>>> One thing that Catalyst seems to do well is have a good mechanism  
>>> for plugging in standard approaches to things.  Here at the  
>>> University of Washington, we use a project called 'Shibboleth'  
>>> for authentication: http://shibboleth.internet2.edu/
>>
>> I dunno exactly what Shibboleth does, but if the notes on dealing  
>> with external single sign on  
>> (http://catwiki.toeat.com/gettingstarted/tutorialsandhowtos/sso_authentication)  
>> are any help, steal away :) (JayK did sanity check them for me, and He  
>> Should Know :) )
>
> Well, The Whole Thing seems reasonable; however, maybe you'll  
> provide me with some idea on more complex setup?
>
> I want to AUTHENTICATE users via some external SSO, but KEEP users  
> once they've been authenticated into database.
>
> I have (still) no good idea on interaction of Realm, Password and  
> Store...


This might be a way to approach it:
http://openid.net/specs/openid-simple-registration-extension-1_1-01.html

Use OpenID to authenticate and the simple registration protocol to  
save their info in your own DB (in this case there would be no local  
password saved, the realm would always be the OpenID path and I'm not  
sure how you'd connect that with your local store). OpenID accounts  
are free at several sites so it's not a high barrier to entry. There  
is a family of CPAN modules by Brad Fitzpatrick and I think one or  
two OpenID plugins for Cat. The protocol is pretty simple but hacking  
on it can be very confusing and can make certain setups tricky (I  
chased a bug for 10 hours doing the stuff b/c I stupidly had the id  
server address set to / when the real resource was /index.pl).

-Ashley
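
The approach suggested above, as an added example that is not part of the original thread and not code from any Catalyst or OpenID plugin: a local user table keyed on the OpenID identity URL, with no password column, filled from the `openid.sreg.*` fields of a response. It assumes the consumer library has already verified the response; `open_store`, `remember_user`, the table layout and the sample values are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Optional fields defined by the Simple Registration Extension 1.1.
my @SREG_FIELDS = qw(nickname email fullname dob gender postcode country language timezone);

# Local store (hypothetical layout): identity URL is the key, no password column.
sub open_store {
    my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
        { RaiseError => 1, AutoCommit => 1 });
    $dbh->do('CREATE TABLE users (identity TEXT PRIMARY KEY, '
           . join(', ', map { "$_ TEXT" } @SREG_FIELDS) . ', last_login INTEGER)');
    return $dbh;
}

# $identity and $params must come from a response the consumer library has
# ALREADY verified (signature, nonce, return_to); never pass raw query input.
# sreg values are self-asserted: an email here is not proof of ownership.
sub remember_user {
    my ($dbh, $identity, $params) = @_;
    my %row = map { ($_ => $params->{"openid.sreg.$_"}) } @SREG_FIELDS;  # absent => NULL
    my ($known) = $dbh->selectrow_array(
        'SELECT 1 FROM users WHERE identity = ?', undef, $identity);
    if ($known) {
        # Keep the stored value when the provider omits a field on a later login.
        my $set = join ', ', map { "$_ = COALESCE(?, $_)" } @SREG_FIELDS;
        $dbh->do("UPDATE users SET $set, last_login = ? WHERE identity = ?",
            undef, @row{@SREG_FIELDS}, time, $identity);
    } else {
        my $cols  = join ', ', 'identity', @SREG_FIELDS, 'last_login';
        my $marks = join ', ', ('?') x (@SREG_FIELDS + 2);
        $dbh->do("INSERT INTO users ($cols) VALUES ($marks)",
            undef, $identity, @row{@SREG_FIELDS}, time);
    }
    return $dbh->selectrow_hashref(
        'SELECT * FROM users WHERE identity = ?', undef, $identity);
}

# Constructed sample: a first login, then a later login that omits the email.
my $dbh = open_store();
my $id  = 'https://openid.example/alice';
remember_user($dbh, $id, { 'openid.sreg.nickname' => 'alice',
                           'openid.sreg.email'    => 'alice@example.org' });
my $user = remember_user($dbh, $id, { 'openid.sreg.nickname' => 'al' });
print "$user->{identity}: nickname=$user->{nickname} email=$user->{email}\n";
```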



