[unisog] LDAP access for 3rd parties

Russell Fulton r.fulton at auckland.ac.nz
Fri Feb 15 05:33:29 GMT 2008


On 14/02/2008, at 7:24 AM, Christopher A Bongaarts wrote:

> In the immortal words of Pete Hickey:
>
>>> Every external vendor I have worked with takes the password supplied
>>> by the "user",
>>
>> and BANG!  They have a userid and password.  If you're a place
>> with a single userid/password for most applications, there could
>> be a fair amount of value to it.
>
> Indeed.
>
>> A better scheme would be sending control to university machine, which
>> accepts the credentials and then sends the 3rd party a yes/no...  
>> Similar
>> to how it is done with some types of credit card verifications.
>
> Even better is a system designed for handling inter-institutional
> authentication, such as Shibboleth.
>
>  http://shibboleth.internet2.edu/
>

We use cosign, radius and ldap on campus and shibboleth in the wider  
arena.

http://weblogin.org/

works well for use and we select vendors on whether on not they can  
work with out infrastructure.

Currently we are implementing a outsourced recruitment/initial contact  
system (to RightNow) but are handling all the authentication stuff  
ourselves on *our* webservers that then redirect back to the  
application.

Russell



More information about the unisog mailing list