Task #3096

Task #3074: Phase one implementaion for morpho to connect dataone services

Implment login/logout methods

Added by Jing Tao over 9 years ago. Updated almost 9 years ago.

Target version:
Start date:
Due date:
% Done:


Product Version:
Story Points:


The login/logout methods in DataoneDataStore will look like:
public void login();
public void logout();

Ben, Chris and I discussed about how to implement the login method. We think it is good for morpho to provide instructions and a link to the CIlogon page. User clicks the link and the default browser of the computer will open the CIlogon page. User should login through the page and download the certificate to the default location. We think using embedded java browser doesn't have too much advantage. Chris also suggested morpho should copy the downloaded certificates from the default /tmp directory to morpho's .morpho directory in case other applications such as kepler may delete them.

logout method will destroy the downloaded certificate.

When user switch the profile, it is not necessary to force user to logout.

Since we may keep the certificate file in .morpho directory, is it necessary for morpho to keep multiple certificate files at the same time?


#1 Updated by Ben Leinfelder over 9 years ago

If we are keeping a copy of the originally downloaded CILogon certificate, then I think this should be copied into the currently active profile directory which will be associated with the subject/DN of the certificate. Then when I switch to another profile it will look like I am logged out unless the other profile uses the same CILogon subject/DN. If it's a different DN for the profile that I switch to then I can get another certificate from CILogon and I will be "logged in" at that point.

The major difficulty I see with this mixed browser/fat client set-up is how to alert Morpho that there's now a CILogon certificate for it to copy from /tmp. Maybe hitting the "login" button looks for a cert in that location and uses what it finds.

#2 Updated by Jing Tao over 9 years ago

Requirement: user only needs to do two steps:
--Choose the provider.
--Input user's credential, i.e., username/password, in the redirected provider's page.

Possible solution:
--Use java widget and embedded browser(Preferred). This approach can get more control on the downloading and locating the certificate. JxBrowser is a
possible choice. But its license is an issue.
--Use external browser if it can archive two steps login(Less Preferred).

We need to talk with CILogon folks. Anyone knows who I should contact? Thanks.

#3 Updated by Dave Vieglais over 9 years ago

  • Target version changed from Sprint-2012.37-Block.5.3 to Sprint-2012.41-Block.6.1

#4 Updated by Ben Leinfelder over 9 years ago

  • Target version changed from Sprint-2012.41-Block.6.1 to Sprint-2012.44-Block.6.2

#5 Updated by Chris Jones about 9 years ago

  • Target version changed from Sprint-2012.44-Block.6.2 to Sprint-2012.50-Block.6.4

#6 Updated by Ben Leinfelder almost 9 years ago

  • Target version changed from Sprint-2012.50-Block.6.4 to 2013.10-Block.2.1

#7 Updated by Ben Leinfelder almost 9 years ago

  • translation missing: en.field_remaining_hours set to 0.0
  • Status changed from New to Closed

Using ECP for CILogon/InCommon IdPs and setting up an identity provider for the KNB/NCEAS accounts. There is an advanced setting that allows users to specify a path to their client certificate.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)