[ome-devel] cosign and kerberos

Bill Hill Bill.Hill at igmm.ed.ac.uk
Fri Aug 16 13:33:20 BST 2013 

Josh,

Thanks for replying.

Some background: We're starting to use OMERO in an image submission
system for an NIH funded project (see: http://www.gudmap.org/ and
http://upload.gudmap.org ). The editors of the GUDMAP database are
external and so need to authenticate. Rather than have users
authenticate for each database, web app, etc, we're looking at SSO.
We're thinking of installing a local instance (ie on an HGU server)
of CoSign rather than use UoE's CoSign implementation (EASE
https://www.ease.ed.ac.uk/). Once in place this SSO system will
probably be adopted by our other databases (EMAGE, EMAP, etc) where
privileged access is needed.

 From your reply it looks like there's no working example of CoSign
(or any other SSO system) being used by OMERO although it should be
possible to implement by following
http://www.openmicroscopy.org/site/support/omero4/developers/Server/PasswordProvider.html
maybe using the LdapPasswordProvider (at least as an example) and
writing a CosignPasswordProvider.

I'll let you know where we decide to go with this.

Cheers,
Bill
>
> On Aug 13, 2013, at 12:03 PM, Bill Hill wrote:
>
> Hi Bill,
>
>> We're looking at a "single sign on" system for web based applications
>> (mainly coded using java and php) including an OMERO image submission
>> server. Cosign (http://weblogin.org) seems a good choice for us (used
>> by Uni of Edinburgh already).
>>
>> Has anyone any experience using cosign or kerberos to authenticate in
>> OMERO?
>
> Though there was some recent interest on ome-users [1], the OME team
> hasn't investigated SSO integration. Could you outline how you see
> this working?
>
>
>> Is either already supported?  If not what sort of effort would
>> be needed for us to add kerberos support?
>
> Reading briefly through http://www.umich.edu/~umweb/software/ this
> could require a KerberosPasswordProvider and/or CosignPasswordProvider
> in OMERO. What if anything would be needed in the web framework itself
> I don't know.
>
>
>> Cheers,
>> Bill
>
> Cheers,
> ~Josh
>
> [1] http://lists.openmicroscopy.org.uk/pipermail/ome-users/2013-July/003873.html
>
>
>> --
>> Bill Hill                              : http://www.hgu.mrc.ac.uk
>> MRC Human Genetics Unit                : http://www.emouseatlas.org
>> MRC IGMM, University of Edinburgh      : Bill.Hill at igmm.ed.ac.uk
>> Western General Hospital               : +44-131-3322471x2119
>> Crewe Road, Edinburgh EH4 2XU, UK.     : +44-131-4678456
>>
>> The University of Edinburgh is a charitable body, registered in
>> Scotland, with registration number SC005336.
>>
>> _______________________________________________
>> ome-devel mailing list
>> ome-devel at lists.openmicroscopy.org.uk
>> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel
>
>

-- 
Bill Hill                              : http://www.hgu.mrc.ac.uk
MRC Human Genetics Unit                : http://www.emouseatlas.org
MRC IGMM, University of Edinburgh      : Bill.Hill at igmm.ed.ac.uk
Western General Hospital               : +44-131-3322471x2119
Crewe Road, Edinburgh EH4 2XU, UK.     : +44-131-4678456

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

More information about the ome-devel mailing list