Comment: Migrated to Confluence 4.0
h1. Sign in process

CORE uses federated login to authenticate users. After a user is successfully authenticated CORE checks the local user database to see if the user exists. It then loads all the user data (user role, presentations by this user, submissions by this user etc.) and persists the user in a session. See diagram for a complete overview.

{gliffy:name=usersignin|align=left|size=L|version=5}

h4. Configuration

SimpleSAML can be configured in {{application/configs/application.ini}}

|| Config value || Description ||
| {{simplesaml.dir}} | What is the location of your SimpleSAML installation |
| {{simplesaml.authsource}} | The name of the authentication source |
| {{simplesaml.saml_uid_attribute}} | The unique identifier used to identify a user. |
| {{simplesaml.saml_fname_attribute}} | Federated attribute for first name |
| {{simplesaml.saml_lname_attribute}} | Federated attribute for last name |
| {{simplesaml.saml_organisation_attribute}} | Federated attribute for organization name |
| {{simplesaml.saml_email_attribute}} | Federated attribute for email address |
| {{simplesaml.saml_country_attribute}} | Federated attribute for country |
| {{core.logSamlAttributes}} | Log SimpleSAML attributes upon every login attempt. You have to be in [development mode|core:Developer Documentation] for this to work! |
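The settings above name the federated attributes CORE reads after a successful login. The following PHP is an added example, not CORE's own code: it maps SimpleSAML attributes (which arrive as name => list of values) onto local user fields and rejects a login whose unique identifier is missing or multi-valued. The function name {{mapSamlAttributes}}, the field names and the attribute names used as config values are assumptions.

```php
<?php
// Added example, not CORE's code. Keys follow the simplesaml.* settings in
// the table; the attribute names on the right are assumed sample values.
$config = [
    'saml_uid_attribute'          => 'eduPersonPrincipalName',
    'saml_fname_attribute'        => 'givenName',
    'saml_lname_attribute'        => 'sn',
    'saml_organisation_attribute' => 'o',
    'saml_email_attribute'        => 'mail',
    'saml_country_attribute'      => 'c',
];

// Hypothetical helper: SimpleSAML attributes in, local user fields out.
function mapSamlAttributes(array $config, array $attributes): array
{
    $uidName   = $config['saml_uid_attribute'];
    $uidValues = (array) ($attributes[$uidName] ?? []);
    // Require exactly one non-empty value: an absent or multi-valued
    // identifier must never be matched against the local user database.
    if (count($uidValues) !== 1 || !is_string($uidValues[0]) || trim($uidValues[0]) === '') {
        throw new RuntimeException("SAML attribute '$uidName' is missing or ambiguous");
    }
    $user = ['uid' => trim($uidValues[0])];

    // Descriptive attributes are optional: take the first value or null.
    $optional = [
        'fname'        => 'saml_fname_attribute',
        'lname'        => 'saml_lname_attribute',
        'organisation' => 'saml_organisation_attribute',
        'email'        => 'saml_email_attribute',
        'country'      => 'saml_country_attribute',
    ];
    foreach ($optional as $field => $key) {
        $values = (array) ($attributes[$config[$key]] ?? []);
        $user[$field] = isset($values[0]) ? trim((string) $values[0]) : null;
    }
    return $user;
}

// Constructed sample attributes, in the shape SimpleSAML returns them.
$attributes = [
    'eduPersonPrincipalName' => ['jdoe@idp.example.org'],
    'givenName'              => ['Jane'],
    'sn'                     => ['Doe'],
    'mail'                   => ['jane.doe@example.org', 'jd@example.org'],
];
print_r(mapSamlAttributes($config, $attributes));
```

In the sample, {{organisation}} and {{country}} come back as null because the constructed identity provider response does not release them.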

h1. User invite

You can invite users from the user overview page. As soon as you invite a user to CORE, a green bar will appear in front of the user's name. This means that they have not yet successfully authenticated. When they successfully log in for the first time, the credentials you filled in will be overwritten by their respective federated attribute values.
For example, if you invite a user gijtenbeek@terena.org and the user logs in with their Google account, the email address field will become: ik@christiangijtenbeek.nl. The {{useraudit}} database table will, however, keep a record of the credentials you used to invite the user. You can always look at these values by clicking on the respective user row.

The time before an invite expires can be configured in {{application/configs/application.ini}} directive {{core.userInviteTtl = '3 months'}}. The value must be of type 'Interval' as [defined by PostgreSQL|http://www.postgresql.org/docs/current/interactive/datatype-datetime.html]

h1. User roles

The following user roles are defined.

* Guest (not authenticated)
* User (logged in user, this role is defined automatically. Inherits from guest)
* Submitter (inherits from user)
* Presenter (inherits from user)
* Reviewer (inherits from user)
* Chair (inherits from user)
* Admin

h1. Access Control list

For an overview of what each user is allowed to do, please check out {{/application/modules/core/models/Acl/Core.php}}