Athens DA Protocol: Difference between revisions
Revision as of 13:20, 18 May 2007
This was a working document belonging to the Computing Service's Shibboleth Development Project. This project is complete (Raven now supports Shibboleth) and this document only remains for historical and reference purposes. Be aware that it is not being maintained and may be misleading if read out of context.
As I understand it, the Shib->Athens gateway effectively uses EduServ's proprietary Athens DA protocol once you've actually authenticated. Details of the protocol are not available to the likes of us, but here are some notes on aspects of it that I have deduced.
Identifiers
The protocol apparently transfers at least two attributes to the content provider: a user name and a persistent unique ID. When using the gateway, the user name is a 20-character random string starting '_' and the persistent unique ID is set from the eduPersonTargetedID provided by Shib. Apparently there is no guarantee that the random user names won't change, though they don't at the moment.
URLs
...In fact you can now, by appending '&ath_action=daauth&id={your_site_id}' to an Athens AAP URL. E.g., to access the OED:

http://auth.athensams.net/?ath_dspid=OUP.OED&ath_returl=http%3A%2F%2Fdictionary.oed.com%2Fentrance.dtl&ath_action=daauth&id=={your_site_id}

This does not set the ldom cookie. If you want to set the cookie at the same time, then you can use the method John suggests.
...the setorg page ensuring the ath_ldom cookie is set and bypassing the HDDS pages. e.g. https://auth.athensams.net/?id=[site ID]&ath_returl=[persistent link URL]
The new service URL format is called a target resource locator (TRL), which uses a combination of:
- the URL of the Athens authentication point (AP)
- a TRL identifier
- a resource identifier

The basic format of a TRL is therefore:

https://auth.athensams.net/trl/1.0/-/RESOURCE_ID
https://auth.athensams.net/trl/1.0/-/RESOURCE_ID?ath_action=noHddsSession
RSS feed of available resources: https://auth.athensams.net/my/resources/rss (only available once authenticated?)
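As an added example (not part of the original notes and not EduServ code), the Python function below classifies a link against the three URL forms recorded in this section and extracts the site ID, resource ID and decoded return URL. The function name, the result keys and the EXAMPLE_SITE value are assumptions made for illustration; the cookie behaviour it reports is only what these notes say, not confirmed protocol behaviour.

```python
from urllib.parse import urlsplit, parse_qs

AP_HOST = "auth.athensams.net"  # authentication point host, as given on this page
TRL_PREFIX = "/trl/1.0/-/"      # TRL identifier part of the path, as given on this page


def classify_athens_link(url):
    """Describe which link form from these notes `url` matches (hypothetical helper)."""
    parts = urlsplit(url)
    if parts.hostname != AP_HOST:
        return {"form": "not-athens-ap"}

    # parse_qs percent-decodes values, so ath_returl comes back as a plain URL.
    query = parse_qs(parts.query, keep_blank_values=True)

    def first(key):
        return query.get(key, [None])[0]

    action = first("ath_action")

    # Form 1: target resource locator, optionally with ?ath_action=noHddsSession
    if parts.path.startswith(TRL_PREFIX):
        resource_id = parts.path[len(TRL_PREFIX):]
        if not resource_id:
            return {"form": "unrecognised"}
        return {"form": "trl", "resource_id": resource_id,
                "no_hdds_session": action == "noHddsSession"}

    if parts.path in ("", "/"):
        site_id, return_url = first("id"), first("ath_returl")
        # Form 2: AAP URL with ath_action=daauth&id=... appended.
        # The notes say this form does not set the ath_ldom cookie.
        if action == "daauth" and site_id:
            return {"form": "aap-daauth", "site_id": site_id,
                    "dspid": first("ath_dspid"), "return_url": return_url,
                    "sets_ldom_cookie": False}
        # Form 3: ?id=[site ID]&ath_returl=[persistent link URL] (the "setorg" form).
        # The notes suggest this sets ath_ldom and bypasses the HDDS pages.
        if site_id and return_url and action is None:
            return {"form": "setorg", "site_id": site_id,
                    "return_url": return_url, "sets_ldom_cookie": True}

    return {"form": "unrecognised"}


if __name__ == "__main__":
    # Constructed sample links; EXAMPLE_SITE is a placeholder site ID.
    for link in (
        "https://auth.athensams.net/trl/1.0/-/RESOURCE_ID?ath_action=noHddsSession",
        "https://auth.athensams.net/?id=EXAMPLE_SITE&ath_returl=http%3A%2F%2Fexample.org%2Fitem",
    ):
        print(classify_athens_link(link))
```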
Cookies
- ath_ldom, domain .athensams.net, expires 2012: contains providerID, appears to drive the Home Domain Discovery service. It may be that this can be set with, e.g., https://auth.athensams.net/?id=[site ID]&ath_returl=[persistent link URL]