This chapter describes the authentication method direct non-interactive authentication. It is called direct because Moria2 does not collect the user's credentials itself; it receives them directly from the service. This method is useful for services that are not web-based or otherwise cannot handle redirects.
These are the basic steps involved in a direct non-interactive authentication.

1. The user attempts to access some protected content provided by a Moria2-enabled web service.
2. The service receives the user's credentials. The username is on the form localID@organization, where localID is the local username assigned to the user by his or her home organization. Exactly how the service receives these credentials is up to the service implementation.
3. The service contacts Moria2 and requests a direct non-interactive authentication session. The service will usually also request one or more user attributes.
   Method used by service: directNonInteractiveAuthentication (JavaDoc, SOAP Example, Java/Axis Example)
4. Moria2 checks the request against the stored service profile. If the request is valid, the user's credentials are checked.
5. Given that step 4 completes successfully, Moria2 returns the requested attribute values.
6. The service now has the necessary information to authorize the user (or not, as the case may be) to access the protected content.
Note that in this case the service only needs to perform a single SOAP call, in addition to handling the retrieval of the user's credentials.
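The exchange above, written out as an added example of the service side (this is not Moria2 project code and not the Java/Axis example the page links to): the service receives localID@organization plus a password, builds the single SOAP call to directNonInteractiveAuthentication, parses the attribute values Moria2 returns, and makes its authorization decision. The parameter names (attributes, userId, password), the response element names and the namespace URI are assumptions, as is the `send` callback that stands in for the HTTP transport; a real client must follow the WSDL published by the Moria2 deployment.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# ASSUMED placeholder: replace with the target namespace from the Moria2 WSDL.
MORIA_NS = "urn:moria2-placeholder-namespace"

# Username form required by Moria2: localID@organization (no whitespace, exactly one '@').
USER_ID_RE = re.compile(r"^(?P<local_id>[^@\s]+)@(?P<organization>[^@\s]+)$")


def parse_user_id(user_id):
    """Split 'localID@organization'; raise ValueError if the id is not on that form."""
    m = USER_ID_RE.match(user_id)
    if not m:
        raise ValueError("user id must be on the form localID@organization")
    return m.group("local_id"), m.group("organization")


def build_request(user_id, password, attributes):
    """Serialize the directNonInteractiveAuthentication call as a SOAP 1.1 envelope.

    Parameter names (attributes, userId, password) are assumed, not taken from the WSDL.
    """
    parse_user_id(user_id)  # reject malformed ids locally before contacting Moria2
    ET.register_namespace("soapenv", SOAP_NS)
    ET.register_namespace("m", MORIA_NS)
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    call = ET.SubElement(body, f"{{{MORIA_NS}}}directNonInteractiveAuthentication")
    attrs = ET.SubElement(call, "attributes")
    for name in attributes:
        ET.SubElement(attrs, "item").text = name
    ET.SubElement(call, "userId").text = user_id
    ET.SubElement(call, "password").text = password
    return ET.tostring(envelope, encoding="unicode")


def parse_response(xml_text):
    """Turn the SOAP response into {attributeName: [values]}; raise PermissionError on a SOAP Fault."""
    root = ET.fromstring(xml_text)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise PermissionError(fault.findtext("faultstring", default="authentication failed"))
    result = {}
    for attr in root.iter("attribute"):
        result[attr.findtext("name")] = [v.text for v in attr.findall("values/item")]
    return result


def authorize(user_id, password, required_affiliation, send):
    """Service-side flow: one SOAP call, then an authorization decision.

    `send` (assumed) posts the envelope to Moria2 and returns the response XML.
    Returns True only if Moria2 accepted the credentials and returned the required affiliation.
    """
    try:
        request = build_request(user_id, password, ["eduPersonAffiliation", "cn"])
    except ValueError:
        return False
    response = send(request)
    del password  # the service keeps no copy of the credentials once the call is done
    try:
        attributes = parse_response(response)
    except PermissionError:
        return False
    return required_affiliation in attributes.get("eduPersonAffiliation", [])


# Constructed sample responses (not captured from a real Moria2 server).
SAMPLE_OK_RESPONSE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}">
  <soapenv:Body>
    <m:directNonInteractiveAuthenticationResponse xmlns:m="{MORIA_NS}">
      <return>
        <attribute><name>eduPersonAffiliation</name><values><item>student</item></values></attribute>
        <attribute><name>cn</name><values><item>Kari Nordmann</item></values></attribute>
      </return>
    </m:directNonInteractiveAuthenticationResponse>
  </soapenv:Body>
</soapenv:Envelope>"""

SAMPLE_FAULT_RESPONSE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}">
  <soapenv:Body>
    <soapenv:Fault>
      <faultcode>soapenv:Client</faultcode>
      <faultstring>Authentication failed</faultstring>
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print(build_request("kari@example.org", "s3cret", ["cn"]))
    print(authorize("kari@example.org", "s3cret", "student", lambda env: SAMPLE_OK_RESPONSE))
```

The `send` callback is where a deployment would put its HTTP client; everything else (format check on the username, one request, one response, no retention of the password) is independent of the transport, which is what makes this flow a single SOAP call from the service's point of view.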
Use of direct non-interactive authentication potentially allows a service to harvest users' credentials. This is a serious security consideration when a user accesses a service from any organization other than the user's own home organization. The Moria2 administrator will take care to allow this authentication method only for trusted services.