Courseware integration: AuthenticationKey

From ReservesDirect: Open Source EReserves System

It is now possible for trusted applications to issue tickets for authentication into RD. Each of the following must occur for successful authentication.

  1. The issuing system must be listed in the trusted systems section of the config.xml.
  2. The authenticated user must not be staff or admin.
  3. The authentication ticket must be submitted as the GET argument authKey
  4. The authKey argument must be base64-encoded.
  5. The decoded authKey argument must be of this form:
   u=username&t=timestamp&sys=public_key&key=encrypted_key
   where:
       username      = authenticated user username
       timestamp     = ticket issuance time in UTC
       public_key    = public key as defined in config.xml
       encrypted_key = <username><timestamp><public_key><private_key> hashed with SHA-256

If authentication fails the browser is redirected to the RD login page.

Trusted Systems will appear in the config.xml as

 
    <trusted_systems comment="trusted systems id=public key element value secret key; timeout is in minutes">
    	<system id="public_key" timeout="30">private_key</system>
    </trusted_systems>

Authentication Tickets

Example

given:

  username   => DGSMITH
  timestamp  => 1205346592
  public_key => bboard
  private_key => reallyreallybigsecret

yields:

  encrypted_key => 5c7bed8cb0dec85597e1474222d01641b52ec1f2a7a2e7add1756cac6f4660da

This would be used like

index.php?authKey=dT1ER1NNSVRIJnQ9MTIwNTM0NjU5MiZzeXM9YmJvYXJkJmtleT01YzdiZWQ4Y2IwZGVjODU1OTdlMTQ3NDIyMmQwMTY0MWI1MmVjMWYyYTdhMmU3YWRkMTc1NmNhYzZmNDY2MGRh