Story #3130

Evaluate CILogon command line authentication mechanism

Added by Dave Vieglais over 11 years ago. Updated over 11 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Authentication, Authorization
Start date: 2012-08-13
Due date: 2013-01-05
% Done: 100%
Story Points:
Sprint:

Description

There is an experimental command line authentication module written in Perl that might be worth examining, to see if it at least works.

This is available at:

http://www.cilogon.org/ecp

It won't work for all identity providers, but may provide the basis for command line retrieval of the client certificate. If it works, then it would be worth evaluating the effort required to implement in Java and/or Python.

History

#1 Updated by Chris Jones over 11 years ago

  • Target version changed from Sprint-2012.33-Block.5.1 to Sprint-2012.37-Block.5.3

#2 Updated by Dave Vieglais over 11 years ago

  • Due date set to 2012-10-27
  • Remaining hours set to 0.0
  • Target version changed from Sprint-2012.37-Block.5.3 to Sprint-2012.41-Block.6.1

What are the outcomes from this activity? Documentation, scripts, notes?

#3 Updated by Dave Vieglais over 11 years ago

  • Status changed from New to In Progress
  • Assignee changed from Roger Dahl to Dave Vieglais

The protocol works fine, but there is a limited set of identity providers that currently support the protocol:

mandible:tmp vieglais$ perl ecp.pl --get cert -c create -k userkey.pem -o usercert.pem -t 12
Select an Identity Provider (IdP):
1> LTER Network
2> ProtectNetwork
3> University of Chicago
4> University of Washington
5> University of Wisconsin-Madison
6> Specify the URL of another IdP

The protocol appears fairly straightforward to translate to other libraries, but is also fairly simple to shell to Perl to perform the login.

#4 Updated by Chris Jones over 11 years ago

  • Due date changed from 2012-10-27 to 2013-01-05
  • Target version changed from Sprint-2012.41-Block.6.1 to Sprint-2012.50-Block.6.4

#5 Updated by Dave Vieglais over 11 years ago

  • Status changed from In Progress to Closed

This approach is tractable, providing that more identity providers are available to support the necessary protocol. There's a general recommendation to set up Shibboleth at NCEAS / knb to further expand the possible user base of relevance to DataONE that can authenticate through this mechanism (#3394).
