Single Sign On with squid

From: Peter Polkinghorne <Peter.Polkinghorne@dont-contact.us>
Date: Wed, 21 Apr 1999 13:14:49 +0200

Background:

We have been looking at ways to make single sign on (in summary, the user
authenticates themselves once - or at least as little as possible, by as few
means as possible) more of a reality.

One of the areas that is of interest to us is external Web Services -
typically in our environment electronic journals - that require password
(as opposed to IP) authentication.

Idea:

Squid has proxy authentication - so it is possible to authenticate people at
Squid.
Squid does some header rewriting - both via redirector and the anonymiser.

So it would be nice to use proxy-auth info to derive the authorisation info
for particular sites - this could be selected by an acl type mechanism - an
external program would then take, say, a username/password pair and
return OK plus authorisation info OR ERR, in similar fashion to the proxy auth
mechanism.

Questions:

A: presumably Squid can not do this right now?

B: would people find such a mechanism useful?

C: are there any fatal flaws in this scheme?

D: would it be easy to implement in Squid - if so might have a go myself ...?

-- 
-----------------------------------------------------------------------------
| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
| Peter.Polkinghorne@brunel.ac.uk   +44 1895 274000 x2561       UK          |
-----------------------------------------------------------------------------
Received on Wed Apr 21 1999 - 06:22:46 MDT
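
The helper exchange proposed in the message above, sketched as an added example that is not part of the original post and is not Squid code. The three-field request line (proxy user, proxy password, destination host), the host name and the accounts are assumptions constructed for illustration; the helper fails closed and releases a site credential only on an exact host match for an entitled user.

```python
import base64
import sys

# Constructed sample data: per-site credentials and the proxy users entitled to them.
SITE_CREDENTIALS = {
    "journals.example.org": {
        "login": ("site-account", "site-secret"),
        "allowed_users": {"alice", "bob"},
    },
}


def basic_header(login, password):
    """Build the value of an HTTP Basic Authorization header."""
    token = base64.b64encode(f"{login}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def handle_line(line):
    """Answer one request line: '<proxy-user> <proxy-password> <host>'.

    Returns 'OK <authorisation info>' or 'ERR'. Anything malformed,
    unknown or not entitled fails closed with ERR.
    """
    fields = line.split()
    if len(fields) != 3:
        return "ERR"
    user, _proxy_password, host = fields  # password is never stored or logged
    host = host.lower().rstrip(".")
    entry = SITE_CREDENTIALS.get(host)  # exact host match only, no suffix matching
    if entry is None or user not in entry["allowed_users"]:
        return "ERR"
    return "OK " + basic_header(*entry["login"])


def main():
    # One request per line on stdin, one reply per line on stdout.
    for line in sys.stdin:
        print(handle_line(line), flush=True)


if __name__ == "__main__":
    main()
```

The exact-match lookup is what keeps a stored site password from being attached to a request for a look-alike or suffixed host name.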
