Initial external authentication support via proxy
author Dan Wells <dbw2@calvin.edu>
Thu, 3 Nov 2011 18:17:24 +0000 (14:17 -0400)
committer Dan Scott <dscott@laurentian.ca>
Fri, 10 Feb 2012 02:16:29 +0000 (21:16 -0500)
commit c9db060994325bfcd6ee8f42e6b2edd9fd6b1177
tree be15654312919c14716cbebbd5653b53ac808d6d
parent b324da25918a0382cba2ceac9d419121a3d1b5ae
Initial external authentication support via proxy

This is the initial commit to support an authentication proxy module
to facilitate external authentication.  It is a work in progress.

What it does so far:
  - Optionally redirects all JSOPAC login requests over SSL by building
    on the 'forceLoginSSL' configuration bool (you MUST enable this
    option for proper use of the auth proxy)
  - Provides a basic plug-in framework for external authentication
    implementations, including configuration options for segregating
    authenticators based on login type or org_unit
  - Allows for multiple cascading authentication tests, including
    simultaneous support for external and internal (EG 'native')
    authentication
  - Provides a 'master switch' to easily revert to using the native EG
    authentication routines only
  - Includes an example LDAP plug-in which supports bind-style auth
    checks

Biggest outstanding known needs:
  - TTOPAC integration, including SSL redirection
  - Tying of login attempts to current brute-force prevention setup
  - Treatment of end-user 'change password' interfaces
  - Support TT/Conifer style authentication prompt

Missing but desirable feature:
  - Allow for manual selection of authenticator by end-user, including
    localization support

Signed-off-by: Dan Wells <dbw2@calvin.edu>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
13 files changed:
Open-ILS/examples/opensrf.xml.example
Open-ILS/examples/opensrf_core.xml.example
Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm [new file with mode: 0644]
Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy/AuthBase.pm [new file with mode: 0644]
Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy/LDAP_Auth.pm [new file with mode: 0644]
Open-ILS/web/opac/common/js/config.js
Open-ILS/web/opac/common/js/init.js
Open-ILS/web/opac/common/js/opac_utils.js
Open-ILS/web/opac/common/js/utils.js
Open-ILS/web/opac/skin/default/js/rdetail.js
Open-ILS/web/opac/skin/default/js/sidebar.js
Open-ILS/xul/staff_client/chrome/content/auth/session.js
Open-ILS/xul/staff_client/chrome/content/main/constants.js