Comment: Migrated to Confluence 5.3

Sign in process

CORE uses federated login to authenticate users. After a user is successfully authenticated CORE checks the local user database to see if the user exists. It then loads all the user data (user role, presentations by this user, submissions by this user, etc.) and persists the user in a session. See diagram for a complete overview.

[Gliffy diagram: usersignin]

Configuration

SimpleSAML can be configured in application/configs/application.ini

| Config value | Description |
| --- | --- |
| simplesaml.dir | What is the location of your SimpleSAML installation |
| simplesaml.authsource | The name of the authentication source |
| simplesaml.saml_uid_attribute | The unique identifier used to identify a user. |
| simplesaml.saml_fname_attribute | Federated attribute for first name |
| simplesaml.saml_lname_attribute | Federated attribute for last name |
| simplesaml.saml_organisation_attribute | Federated attribute for organization name |
| simplesaml.saml_email_attribute | Federated attribute for email address |
| simplesaml.saml_country_attribute | Federated attribute for country |
| core.logSamlAttributes | Log SimpleSAML attributes upon every login attempt. You have to be in ... for this to work! |
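The sign-in steps and the simplesaml.* keys above, as an added example (not CORE's own code): it maps a SimpleSAMLphp-style attribute array to profile fields through the configured attribute names, refuses a missing or multi-valued uid, and takes the role from the local record only. The attribute names, sample data, function names and the fallback to the 'user' role for an unknown uid are assumptions.

```php
<?php
// Added example, not CORE's own code. The config keys are the ones documented
// on this page; attribute names, sample data and function names are assumptions.
$config = [   // constructed stand-in for the simplesaml.* keys in application.ini
    'saml_uid_attribute'          => 'eduPersonPrincipalName',
    'saml_fname_attribute'        => 'givenName',
    'saml_lname_attribute'        => 'sn',
    'saml_organisation_attribute' => 'o',
    'saml_email_attribute'        => 'mail',
    'saml_country_attribute'      => 'c',
];
// SimpleSAMLphp's getAttributes() returns name => list of string values.
function attr(array $attrs, string $name, bool $requireSingle = false): ?string
{
    $values = array_values(array_filter(array_map('trim', $attrs[$name] ?? []), 'strlen'));
    if ($values === [] || ($requireSingle && count($values) !== 1)) {
        return null;
    }
    return $values[0];
}

// Map the federated attributes to profile fields using the configured names.
function mapFederatedUser(array $config, array $attrs): array
{
    // Fail closed: an absent, empty or multi-valued uid cannot identify one user.
    $uid = attr($attrs, $config['saml_uid_attribute'], true);
    if ($uid === null) {
        throw new RuntimeException('uid attribute missing, empty or ambiguous');
    }
    $user = ['uid' => $uid];
    foreach (['fname', 'lname', 'organisation', 'email', 'country'] as $field) {
        $user[$field] = attr($attrs, $config["saml_{$field}_attribute"]);
    }
    return $user;
}

// Look the uid up in the local user table (here an array) and build the session user.
function buildSessionUser(array $config, array $attrs, array $localUsers): array
{
    $user = mapFederatedUser($config, $attrs);
    // The role comes from the local record, never from the assertion (assumption).
    $user['role'] = $localUsers[$user['uid']]['role'] ?? 'user';
    return $user;
}
// Constructed sample input: one uid value, two mail values, no 'o' or 'c'.
$attrs = ['eduPersonPrincipalName' => ['jdoe@example.org'], 'givenName' => ['Jane'],
          'sn' => ['Doe'], 'mail' => ['jane@example.org', 'jd@example.org']];
$local = ['jdoe@example.org' => ['role' => 'reviewer']];
print_r(buildSessionUser($config, $attrs, $local));
```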

User invite

You can invite users from the user overview page. As soon as you invite a user to CORE, a green bar will appear in front of the user's name. This means that they have not yet successfully authenticated. When they successfully log in for the first time, the credentials you filled in will be overwritten by their respective federated attribute values.

For example, if you invite a user as gijtenbeek@terena.org and the user logs in with their Google account, the email address field will become ik@christiangijtenbeek.nl. However, the useraudit db table will hold a record of the credentials you used to invite the user. You can always access these values by clicking on the respective user row.

The time before an invitation expires can be configured in application/configs/application.ini with the directive core.userInviteTtl = '3 months'. The value must be of type 'Interval' as defined by PostgreSQL.

User roles

The following user roles are defined:

  • Guest (not authenticated)
  • User (logged in user, this role is defined automatically. Inherits from guest)
  • Submitter (inherits from user)
  • Presenter (inherits from user)
  • Reviewer (inherits from user)
  • Chair (inherits from user)
  • Admin

Access Control list

For an overview of what each user is allowed to do please check out /application/modules/core/models/Acl/Core.php
