[Catalyst] Catalyst and Shibboleth authentication
Jay K
jayk at ion0.com
Mon Mar 17 20:45:31 GMT 2008
> That page is slightly incorrect.
> In C::A::Store::Null -based class, apparently $storeclass-
> >can('find_user') returns 0 (called from
> C::A::Authentication::Realm.pm line 85) so Realm tries to construct
> find_user by itself, without success.
Yes. Null does not implement find_user - you have to. Which is why
the wiki page says subclass and add find_user.
> I wonder why wiki suggests to override storage; overriding
> credentials should be much more reasonable.
Either is fine, actually. The execution path for authentication is
by default:
$c->authenticate() --> $realm->authenticate() --> $credential-
>authenticate() --> $store->find_user()
For SSO - you can hook at any of those points. The store is the
easiest, really - because Credential::Password has a 'passthrough'
mode by telling it password_type='none' - effectively delegating the
entire auth process cleanly to the store's find_user method. Since
you will probably need to provide some type of user information -
overriding the store gives you the ideal spot to handle both at the
same time.
It really depends greatly on how complicated your SSO system is.
Jay
---
"Those who can make you believe absurdities can make you commit
atrocities." --Voltaire
More information about the Catalyst
mailing list