
Domain Analysis

  • Framework for user authentication purposes with SSO (Single Sign On) capabilities.
  • It may support Yale CAS, NTLM on Windows or any other SSO facilities provided by webservers.
  • The authentication URL may reside on the same site or any other site.
  • The framework should provide an explicit way to store the authenticated user name.
  • Authentication reference information should be stored as a cookie or as a URL parameter.

Use Cases

Because the Authentication URL can be on another site or server, we can't count on cookies to hold authentication info between the application and the Authentication Service. This info is transferred as a URL parameter and should be stored by both systems.

The use cases take into account that a user may be authenticated on the Authentication Service (from a login on another application) but not on the application.

(authentication_usecases.png)

Class Diagram

The framework is the authentication module and must be extended depending on the authentication strategy. LDAP, a basic database schema, and web server authentication are already implemented. Because a YaleCAS class can be implemented by extending the framework instead of being a web server extension, it is shown in the model as an example.

As seen in the class diagram, different operations must be replaced depending on the strategy.

(authenticateclassdiagram.png)

Sequence Diagrams

User that is not authenticated anywhere trying to open a protected web page:

(NOTauthenticatedanywhere_sequence.png)

User that is not authenticated on application but is already authenticated on central authentication URL trying to open a protected web page:

(NOTapplicationauthenticated_sequence.png)

User that is authenticated on application trying to open a protected web page:

(authenticatedonapplication_sequence.png)

User that is logging out:

(logout_sequence.png)

Files

authentication.lua Module that reifies the authentication framework.
authentication_conf.lua Configuration file for the authentication framework.
login.lua Authentication Service controller. Checks whether the user is already authenticated and either opens the login page or redirects to the application URL. It does so based on cookies and the URL parameters user, passwd, logout and userhash.
login.lp Must generate a request (with an HTML FORM) with the parameters user and passwd.
controler.lua Application controller containing authentication calls (the userhash URL parameter should be reserved for the authenticate module's use). Ex.:

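-- Load the authentication module.
require"authenticate"
-- Render the protected page only for an authenticated user.
if authenticate.getAuthenticatedUser() then
    cgilua.htmlheader()
    cgilua.lp.include ("view.lp")
else
    -- Otherwise send the browser to the Authentication Service login URL.
    cgilua.redirect (authenticate.loginURL())
end
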
view.lp Authenticated page to be shown by controler.lua.
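
The userhash hand-off from the Use Cases section, modeled in plain Lua as an added example; it is not the framework's code. The store tables, the function names, the return-URL allowlist, the random 128-bit form of userhash and the example URLs are assumptions made for illustration.

```lua
-- Added example, not the framework's code; every name below is hypothetical.
local sessions = {}      -- Authentication Service store: userhash -> session
local app_sessions = {}  -- application's own store, filled after validation
local TTL = 300          -- constructed lifetime, in seconds
-- Constructed allowlist of application URLs the service will redirect to.
local allowed_apps = { ["https://app.example/controler.lua"] = true }

-- 128-bit random reference from the OS CSPRNG (assumes a Unix-like host).
local function new_userhash()
  local f = assert(io.open("/dev/urandom", "rb"))
  local bytes = f:read(16)
  f:close()
  return (bytes:gsub(".", function(c) return ("%02x"):format(c:byte()) end))
end

-- Service: credentials already checked; issue the reference and build the
-- redirect. Only registered return URLs ever receive a userhash.
local function service_login(user, return_url, now)
  if not allowed_apps[return_url] then return nil, "unregistered application URL" end
  local h = new_userhash()
  sessions[h] = { user = user, expires = now + TTL }
  return return_url .. "?userhash=" .. h
end

-- Service: resolve a userhash for an application; expired entries are dropped.
local function service_validate(h, now)
  local s = sessions[h]
  if not s or s.expires < now then
    sessions[h] = nil
    return nil
  end
  return s.user
end

-- Application: take userhash from the URL or its own cookie, check its shape,
-- ask the service, and only then store it locally.
local function app_request(params, cookie, now)
  local h = params.userhash or cookie
  if type(h) ~= "string" or #h ~= 32 or h:find("%X") then return nil end
  local user = service_validate(h, now)
  if user then app_sessions[h] = user end
  return user
end

local now = os.time()
local url = assert(service_login("alice", "https://app.example/controler.lua", now))
print(app_request({ userhash = url:match("userhash=(%x+)$") }, nil, now))
print(app_request({ userhash = ("0"):rep(32) }, nil, now))
print(service_login("alice", "https://other.example/", now))
```

Because the reference travels in a URL, it can end up in browser history, server logs and Referer headers, which is why this sketch gives it a short lifetime and has the application resolve it with the service rather than trust the parameter.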