Infrastructure Team/Central Login: Difference between revisions

Line 29:

* [[wikipedia:OpenID |OpenID]] authentication. Would be useful if particular service can link OpenID users and the ones got from CAS/LDAP. Without that, OpenID is just a standalone authentication method for particular service that does not relate to Central Login at all.

* Users certificates. Might be useful, e.g., for people who need to be authenticated from a Sugar Shell where Sugar might perform some authentication routines under the hood.

* ''Any method that can process authentication via LDAP, to reuse centralized users database only (no single sign-on)''.

* ''Any method that can process authentication via [[wikipedia:Lightweight_Directory_Access_Protocol |LDAP]], to reuse centralized users database only (no single sign-on)''.

== Authenticate back-end ==

Line 43:

This application is needed to accomplish several tasks related to account management procedures for regular users, such as:

* Let people create an account on LDAP server using regular, for Web services, Sign-on workflow, i.e., in automatic manner. ~~Would~~ be useful to have instruments to prevent automated software from performing registration.

* Let people create an account on the LDAP server using the regular, for Web services, Sign-on workflow, i.e., in an automatic manner. It would be useful to have instruments to prevent automated software from performing registration.

* Have a "Forgot password" feature.

* Edit LDAP metadata. ~~Would~~ be useful to let people authenticate on CAS, i.e., to avoid typing passwords twice, ~~one time~~ to get access to a service and ~~the~~ second ~~one~~ in Account management ~~application~~ before editing metadata.

* Edit LDAP metadata. It would be useful to let people authenticate on CAS, i.e., to avoid typing passwords twice, once to get access to a service and a second time in Account management applications before editing account metadata.

@@ Line 29: / Line 29: @@
 * [[wikipedia:OpenID |OpenID]] authentication. Would be useful if particular service can link OpenID users and the ones got from CAS/LDAP. Without that, OpenID is just a standalone authentication method for particular service that does not relate to Central Login at all.
 * Users certificates. Might be useful, e.g., for people who need to be authenticated from a Sugar Shell where Sugar might perform some authentication routines under the hood.
-* ''Any method that can process authentication via LDAP, to reuse centralized users database only (no single sign-on)''.
+* ''Any method that can process authentication via [[wikipedia:Lightweight_Directory_Access_Protocol |LDAP]], to reuse centralized users database only (no single sign-on)''.
 == Authenticate back-end ==
@@ Line 43: / Line 43: @@
 This application is needed to accomplish several tasks related to account management procedures for regular users, such as:
-* Let people create an account on LDAP server using regular, for Web services, Sign-on workflow, i.e., in automatic manner. Would be useful to have instruments to prevent automated software from performing registration.
+* Let people create an account on the LDAP server using the regular, for Web services, Sign-on workflow, i.e., in an automatic manner. It would be useful to have instruments to prevent automated software from performing registration.
 * Have a "Forgot password" feature.
-* Edit LDAP metadata. Would be useful to let people authenticate on CAS, i.e., to avoid typing passwords twice, one time to get access to a service and the second one in Account management application before editing metadata.
+* Edit LDAP metadata. It would be useful to let people authenticate on CAS, i.e., to avoid typing passwords twice, once to get access to a service and a second time in Account management applications before editing account metadata.