...
| Info | ||
|---|---|---|
| ||
Container Authentication Implementations may configure application containers to employ any user authentication mechanism that meets servlet specifications. This is container-specific, but usually includes JAAS, LDAP, CAS, Shibboleth, etc.. |
Fedora can authorize actions on the basis of a user name. Access may also hinge on additional security principals that are specific to an organization. These principals are often based on attributes coming with the request from Shibboleth, LDAP, CAS, etc.. Additional principals can be supported in Fedora authorization by implementing the PrincipalFactory interface. A PrincipalFactory examines Servlet requests and returns a set of additional principals for authorization. Example principals might include a named IP range, an affiliation or group from a Shibboleth SP header, principals extracted from SAML payloads, etc.. Fedora provides a configurable HeaderPrincipalFactory that extracts principals from headers.
Additional Security Principals
...