[open-ils-commits] ***SPAM*** [GIT] Evergreen ILS branch master updated. ae0a65285425615d004131b5dc52cab1cdd395a9

Evergreen Git git at git.evergreen-ils.org
Thu Jul 3 11:21:58 EDT 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, master has been updated
       via  ae0a65285425615d004131b5dc52cab1cdd395a9 (commit)
      from  046ad752a5672e08d99dcffe6cdc3b15b330ccc5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ae0a65285425615d004131b5dc52cab1cdd395a9
Author: Robert Soulliere <robert.soulliere at mohawkcollege.ca>
Date:   Thu Jul 3 11:18:15 2014 -0400

    Documentation: Add the authentication proxy chapter
    
    - Some content taken from the 2.2 release notes.
    - Added a few steps on how to set up authentication proxy in Evergreen.
    
    Signed-off-by: Robert Soulliere <robert.soulliere at mohawkcollege.ca>

diff --git a/docs/admin/authentication_proxy.txt b/docs/admin/authentication_proxy.txt
new file mode 100644
index 0000000..6661013
--- /dev/null
+++ b/docs/admin/authentication_proxy.txt
@@ -0,0 +1,51 @@
+Authentication Proxy
+--------------------
+
+indexterm:[authentication, proxy]
+
+indexterm:[authentication, LDAP]
+
+To support integration of Evergreen with organizational authentication systems, and to reduce the proliferation of user names and passwords, Evergreen offers a service called open-ils.auth_proxy. If you enable the service, open-ils.auth_proxy supports different authentication mechanisms that implement the authenticate method. You can define a chain of these authentication mechanisms to be tried in order within the *_<authenticators>_* element of the _opensrf.xml_ configuration file, with the option of falling back to the native mode that uses Evergreen’s internal method of password authentication.
+
+This service only provides authentication. There is no support for automatic provisioning of accounts. To authenticate using any authentication system, the user account must first be defined in the Evergreen database. The user will be authenticated based on the Evergreen username and must match the user's ID on the authentication system. 
+
+In order to activate Authentication Proxy, the Evergreen system administrator will need to complete the following steps:
+
+. Edit *_opensrf.xml_*.
+.. Set the *_open-ils.auth_proxy_* app settings *_enabled_* tag to *_true_*
+.. Add the *_authenticator_* to the list of authenticators or edit the existing example authenticator: 
++
+[source,xml]
+----
+     
+<authenticator>
+	<name>ldap</name>
+	<module>OpenILS::Application::AuthProxy::LDAP_Auth</module>
+	<hostname>name.domain.com</hostname>
+	<basedn>ou=people,dc=domain,dc=com</basedn>
+	<authid>cn=username,ou=specials,dc=domain,dc=com</authid>
+	<id_attr>uid</id_attr>
+	<password>my_ldap_password_for_authid_user</password>
+	<login_types>
+		<type>staff</type>
+		<type>opac</type>
+	</login_types>
+	<org_units>
+		<unit>103</unit>
+		<unit>104</unit>
+	</org_units>
+</authenticator>
+----
++
+* *_name_* : Used to identify each authenticator.  
+* *_module_* : References to the perl module used by Evergreen to process the request.  
+* *_hostname_* : Hostname of the authentication server.  
+* *_basedn_* :  Location of the data on your authentication server used to authenticate users.
+* *_authid_* : Adminstrator ID information used to connect to the Authentication server.
+* *_id_attr_* : Field name in the authenticator matching the username in the Evergreen database.
+* *_password_* : Adminstrator password used to connect to the authentication server. Password for the *_authid_*.
+* *_login_types_* : Specifies which types of logins will use this authenticator. This might be useful if staff use a different LDAP directory than general users.   
+* *_org_units_* : Specifies which org units will use the authenticator. This is useful in a consortium environment where libraries will use separate authentication systems.
++
+. Restart Evergreen and Apache to activate configuration changes. 
+   
diff --git a/docs/root.txt b/docs/root.txt
index 2741517..a745eb3 100644
--- a/docs/root.txt
+++ b/docs/root.txt
@@ -133,6 +133,8 @@ include::opac/new_skin_customizations.txt[]
 
 include::admin/auto_suggest_search.txt[]
 
+include::admin/authentication_proxy.txt[]
+
 include::admin/customize_staff_client.txt[]
 
 // Push titles down one level.

-----------------------------------------------------------------------

Summary of changes:
 docs/admin/authentication_proxy.txt |   51 +++++++++++++++++++++++++++++++++++
 docs/root.txt                       |    2 +
 2 files changed, 53 insertions(+), 0 deletions(-)
 create mode 100644 docs/admin/authentication_proxy.txt


hooks/post-receive
-- 
Evergreen ILS


More information about the open-ils-commits mailing list