clarity-h2020/marketplace

Define Auto login Points for Single Sign On

fgeyer16 opened this issue · 8 comments

The SingleSignOn on Infrastructure is now implemented.
For now SSO only works if the user visits the SSO login page from every Instance. If he is already logged in he will be redirected to the page without seeing the login form.

The system supports so called gateway functionallity, which allows automatic sign in on visiting certain pages, so the user does only need to visit the login page once.
Theoretically we could set this on every page on csis and market place. Practically this disables page caching of drupal. Since drupal without caching is very slow it is not advisable to do make a global gateway.

So we have to define pages on which the single sign on is performed only. These page will be not cached so the should not be pages which are heavily to render.
We then should guide the users to this pages by presenting links.

There can also be pages on which the SingleSignOn can be forced.

IMHO we need this at the moment for the start page of the CSIS only.

rapto commented

Hello. Would it be possible to make csis cas authorize other services? We'd like to provide embeded maps (actually an existing django app) using this auth mechanism.

We need to login at that django app to retrieve the map? Then CAS can only work if that app is under our control and we can install some cas client there. Then it should work.

rapto commented

Thanks. The CAS client is already working, but if I use https://profile.myclimateservices.eu/cas/ as CAS server it complains that clarity.saver.red is not a registered service in the CAS server (as expected until registered, of course).

I added https://clarity.saver.red to the services in the cs server settings. Does it work now?

rapto commented

Thank you, I'll try as soon as I can.

@patrickkaleta it seems this is the issue and that it has already been taken care of. We'll let you know if everything works fine or ask for further support.

Marketplace auto login points for now are the fromnt page and the user pages.