[Catalyst] Catalyst and Shibboleth authentication
Alex Povolotsky
tarkhil at over.ru
Sat Mar 15 18:56:31 GMT 2008
Ashley wrote:
>>
>> Well, The Whole Thing seems reasonable; however, maybe you'll provide
>> me with some idea on more complex setup?
>>
>> I want to AUTHENTICATE users via some external SSO, but KEEP users
>> once they've been authenticated into database.
>>
>> I have (still) no good idea on interaction of Realm, Password and
>> Store...
>
>
> This might be a way to approach it:
> http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
>
> Use OpenID to authenticate and the simple registration protocol to
> save their info in your own DB (in this case there would be no local
> password saved, the realm would always be the OpenID path and I'm not
> sure how you'd connect that with your local store). OpenID accounts are
> free at several sites so it's not a high barrier to entry. There is a
> family of CPAN modules by Brad Fitzpatrick and I think one or two
> OpenID plugins for Cat. The protocol is pretty simple but hacking on
> it can be very confusing and can make certain setups tricky (I chased
> a bug for 10 hours doing the stuff b/c I stupidly had the id server
> address set to / when the real resource was /index.pl).
OpenID for authentication with role-based authorization seems to be a
reasonable thing, doesn't it? For now, I've made an EXTREMELY simple SSO,
just to prove the concept. Once I get Catalyst modules to work (with
SSO-based authentication and role-based authorization) I'll look at OpenID.
Alex