Sakai Authentication Requirements

Form Based Authentication and Sakai (1.5, 2.0) Requirements

Scott Amerson, July 29, 2005

0. Intro

Concepts
High Level Requirements
Display Requirements
Security
Authenticated Users
Document History

UC Davis has the need for incorporating Form-Based Distributed Authentication and the Sakai (1.5+) frameworks. Specifically, there is need to:

Use Form-Based Dist Auth as a central sign-on mechanism
Utilize Remote_User for Sakai to "trust"
Work with Tomcat Standalone, as well as with Apache-Tomcat
Meet the specific requirements of authentication for SOM, SVM, MediaWorks, and campus (including WebDAV)

1. Concepts

When a user logs into Sakai, they should be directed to to Secureweb to be authenticated. Upon successful login, they would be redirected to the Sakai portal as logged in.

2. High Level Requirements

*Sakai authentication should use UCD Dist Auth for authentication
*All users accessing Sakai should be in the KDC, except for non-auth'd, guest users

3. UI Requirements

*The currently logged in user may be identified by the interface.
*The login procedure must use Form-Based Dist Auth on Secureweb to authenticate the user. Once requested to login, the user must enter their valid authentication credentials to return to Sakai
*Users must be presented a way to login from the home page, and a means to logout after they have successfully logged in

4. Security

*Sakai may be installed on Tomcat Standalone or Apache. SSL is not a requirement, because authentication will be handled by Secureweb (SSL).

5. Authenticated Users

*Users, including any temporary affiliates, faculty, staff, students, wireless, etc. will be entered in the KDC. There should be no need for additional accounts in Sakai than those that are not represented in the KDC. The exception to this, is the requirement of WebDAV for usernames and passwords to be established.

6. Document History

See .. for history

Version	Date	Notes
1	July 29, 2005	Initial version.

Browser not supported