Web Development Thread, What form of auth? in Coding and Web Development; I'd developing a website at the moment and am thinking about the best way for future users to populate the ...
26th June 2011, 12:42 AM #1
What form of auth?
I'd developing a website at the moment and am thinking about the best way for future users to populate the system with their own users. As it stands I have the following options:
1. Use the old-fashioned method of importing CSV or XML files, combined with manual additions.
2. Have a mini application which periodically uploads data to the site, which is installed on a machine in the user's network.
3. Implement Shibboleth, with an embedded discovery service
4. Use Radius, with Pear::Auth_RADIUS - meaning users can install a radius server on their network, and hook it up to whatever auth system they have in place, and expose that to my site for auth.
5. Use OpenZIS and SIF to import data from networks.
Now, each one has pros/cons, some are easier to implement than others and I suppose I could give users the option between different methods.
I am also thinking that I may want to combine 2 methods - such as using Shibboleth for auth SSO and SIF or a custom app for population of extra data (pupil year, class membership etc...).
However, what do people here think?
Last edited by localzuk; 26th June 2011 at 01:02 AM.
26th June 2011, 01:42 AM #2
Radius would be better so users could use theor own ADUC/LDAP , but that's just me
26th June 2011, 07:33 PM #3
I've been having a look at RADIUS and whilst it can handle the whole authentication aspect (ie. is the user logging in valid etc...) but it can't handle anything more than that, in terms of group membership, without trying to shoe-horn it into doing something it shouldn't. Also, RADIUS uses MD5 hashing as its method of securing data - which is inherently insecure.
1. To handle auth itself
2. To handle extra data, such as groups.
Problem I can see is that as it stands, there would be no link between users in method 1 and method 2.
How can I achieve this sensibly? A custom app? Getting the users to update the AD with an ID which links the MIS data to the AD itself? Kinda drawing a blank here!
27th June 2011, 09:39 AM #4
Can you not just look up users in Active Directory? adLDAP is a good library for authenticating and getting group membership information.
27th June 2011, 09:58 AM #5
I second AD as an option. It's what I use to auth our intranet/rewards/homework site. Additionally it runs an import for data from sims.
27th June 2011, 10:02 AM #6
Would that not mean people having to expose their AD to the internet? Which is generally seen as a Bad Idea (TM)?
Originally Posted by webman
This isn't for a single school - this will be for multiple schools, all with their own users, but with the website being centrally hosted.
27th June 2011, 10:11 AM #7
Oh right, I thought it was a locally-installable thing. So obviously no, adLDAP isn't going to be of any use at all
By rob998 in forum EduSweep
Last Post: 23rd March 2011, 02:19 PM
By acrobson in forum Coding
Last Post: 27th January 2010, 08:04 PM
By ful56_uk in forum Web Development
Last Post: 8th January 2010, 09:24 PM
By FN-GM in forum Virtual Learning Platforms
Last Post: 9th April 2009, 12:55 PM
Last Post: 21st April 2008, 10:33 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)