Details
-
New Feature
-
Resolution: Unresolved
-
Major
-
None
-
None
Description
We want to design a type of plugin mechanism to support different methods of webserver authentication, including but not limited to the Shibboleth SP, mod_auth_openidc, and CAS.
The idea is that by having an abstracted notion of how Registry interacts with web server authentication/login (and logout) and then providing plugins that implement interfaces for those specific tools, we can add more configuration and functionality around login/logout.
For example, we can include "hints" to the web server authentication module about which IdP/OP to use for authentication. We could also allow COs to configure where the browser would be directed when the user "logs out".