<h3>Domain Analysis</h3>
<ul>
<li>Framework for user authentication purposes with SSO (Single Sign On) capabilities.</li>
<li>It may support Yale CAS, NTLM on Windows or any other SSO facilities provided by webservers.</li>
<li>The authentication URL may reside on the same site or any other site.</li>
<li>The framework should provide the application a way to store the authenticated user name.</li>
<li>Authentication reference information should be stored as a cookie or as a URL parameter.</li>
</ul>
<h3>Use Cases</h3>
<p>As the authentication URL can be on another site or server, we can't count on cookies to hold authentication info between the application and the Authentication Service. This info is transferred as a URL parameter and should be stored by both systems.</p>
<p>The use cases take into account that a user may be authenticated on the Authentication Service (from a login on another application) but not on the application.</p>
<p>(authentication_usecases.png)</p>
<h3>Class Diagram</h3>
<p>The framework is the authentication module and must be extended depending on the authentication strategy. LDAP, a basic database schema, and web server authentication are already implemented. As a YaleCAS class can be implemented by extending the framework instead of being a web server extension, it is shown in the model as an example.</p>
<p>As seen in the class diagram, different operations must be replaced depending on the strategy.</p>
<p>(authenticate_class_diagram.png)</p>
<h3>Sequence Diagrams</h3>
<p>User that is not authenticated anywhere trying to open a protected web page:</p>
<p>(NOT_authenticated_anywere_sequence.png)</p>
<p>User that is not authenticated on the application but is already authenticated on the central authentication URL trying to open a protected web page:</p>
<p>(NOT_aplication_authenticated_sequence.png)</p>
<p>User that is authenticated on the application trying to open a protected web page:</p>
<p>(authenticated_on_aplication_sequence.png)</p>
<p>User that is logging out:</p>
<p>(logout_sequence.png)</p>
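<p>The four sequences above, modelled in plain Lua as an added example; this is not the framework's own code. The function names, the in-memory tables standing in for cookies and session stores, the 300-second lifetime, the direct lookup in the service's store and the use of /dev/urandom are all assumptions.</p>

```lua
-- Added example with hypothetical names; tables stand in for cookies and stores.
local TTL = 300 -- assumed userhash lifetime in seconds
local service = { users = { alice = "constructed-passwd" }, store = {} }
local app = { store = {} }
local function new_userhash() -- opaque 128-bit value from the OS random source
  local f = assert(io.open("/dev/urandom", "rb"))
  local raw = f:read(16); f:close()
  return (raw:gsub(".", function(c) return ("%02x"):format(c:byte()) end))
end
local function live(store, hash, now) -- entry if known and unexpired, else nil
  local s = hash and store[hash]
  if s and s.expires > now then return s end
end

-- login.lua role: reuse the service cookie, else check user/passwd, else form.
function service.login(cookies, params, now)
  if not live(service.store, cookies.service, now) then
    local pw = params.user and service.users[params.user] -- stand-in for LDAP/DB
    if pw == nil or pw ~= params.passwd then return "login_page" end
    cookies.service = new_userhash()
    service.store[cookies.service] = { user = params.user, expires = now + TTL }
  end
  return "redirect_to_app", cookies.service -- sent as the userhash URL parameter
end

-- Application controller role: accept its cookie or a userhash the service knows.
function app.request(cookies, params, now)
  local s = live(app.store, cookies.app, now)
  local remote = not s and live(service.store, params.userhash, now) -- assumed lookup
  if remote then
    s = { user = remote.user, expires = remote.expires }
    app.store[params.userhash], cookies.app = s, params.userhash
  end
  if s then return "page", s.user end
  return "redirect_to_login"
end
function service.logout(cookies) -- forget the userhash on both systems
  local h = cookies.service or cookies.app
  if h then service.store[h], app.store[h] = nil, nil end
  cookies.service, cookies.app = nil, nil
end

local jar, t = {}, os.time() -- constructed walk through the sequences
assert(app.request(jar, {}, t) == "redirect_to_login")
local _, h = service.login(jar, { user = "alice", passwd = "constructed-passwd" }, t)
assert(app.request(jar, { userhash = h }, t) == "page")
assert(app.request(jar, { userhash = ("0"):rep(32) }, t + TTL) == "redirect_to_login")
service.logout(jar)
assert(app.request(jar, { userhash = h }, t) == "redirect_to_login")
```

<p>Because the userhash travels in a URL, it can end up in server logs and browser history; keeping it opaque, short-lived and invalidated on logout limits what a leaked value is worth.</p>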
<h3>Files</h3>
<TABLE>
<tr>
<td>authentication.lua</td>
<td>Module that reifies the authentication framework</td>
</tr>
<tr>
<td>authentication_conf.lua</td>
<td>Configuration file for the authentication framework</td>
</tr>
<tr>
<TD>login.lua</TD>
<TD>Authentication Service controller.
Checks whether the user is already authenticated and either opens the login page or redirects to the application URL.
The decision is based on cookies and the URL parameters user, passwd, logout and userhash.
</TD>
</tr>
<tr>
<TD>login.lp</TD>
<TD>Must generate a request (with an HTML FORM) with the parameters user and passwd</TD>
</tr>
<tr>
<TD><em>controler</em>.lua</TD>
<TD>Application controller containing authentication calls (the userhash URL parameter should be reserved for use by the authenticate module). Example:<br>
<pre>
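require"authenticate"
-- Show the protected view only when the module reports an authenticated user.
if authenticate.getAuthenticatedUser() then
  cgilua.htmlheader()
  cgilua.lp.include ("view.lp")
else
  -- Otherwise send the browser to the Authentication Service login URL.
  cgilua.redirect (authenticate.loginURL())
end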
</pre>
</TD>
</tr>
<tr>
<TD><em>view</em>.lp</TD>
<TD>Authenticated page to be shown by <em>controler</em>.lua.</TD>
</tr>
</TABLE>