Hello, on OJS 3.3.x is there any way to allow a Wordpress user that has been validated on that Wordpress site to gain access to an OJS journal. If so, how is it accomplished please?
The users logging into that site come from many difference IPs. In the old days, I thought a referring URL access existed but I think that is gone. It would be nice to use a plugin like SAML Single Sign On – SSO Login – WordPress plugin | WordPress.org on Wordpress to securely access OJS.
As a followup, the goal is to let someone who has been validated on Wordpress to be able to access OJS via some method. I am not looking to port a Wordpress site to OJS. Specifically in this case, an association has a website built with Wordpress and they want to be able to have their users get access to one of our journals.
PLUS, a user coming from Wordpress to OJS can come in with ONE known user name, so there is no validation to a database of subscribers.
We are looking for SSO/SAML support to go from a wordpress site to OJS.
We identified OrangeSAML as a potential plugin.
Users would authenticate to the wordpress site (an association website) and then jump to OJS using just one user prebuilt on OJS that is dedicated for that association. (We are doing it this as the association would likely NOT share their membership list and its import into OJS may be problematic.) In working with ORANGE, they mention that they need a “Service Provider” running on OJS. In the Sibboleth plugin, it states “With this plugin enabled, a Shibboleth single sign-on service can be used to register and authenticate users. You must have set up and configured the local service provider (SP).”
So, my questions are please:
Is there a service provider running on OJS?
If not, they stated the had a PHP based service provider they could install. We showed them the OJS folder and they said it was not a problem. The question is if this is a reasonable solution?
I’ve merged this latest post with your previous thread on the subject.
Single sign on against an institutional source is usually a tricky proposition because some of your users will be “insiders” (thus have accounts in your Wordpress) but others will not, typically authors and reviewers.
It sounds like part of what you’re looking for is the ability to check subscriptions against an external membership list. If that’s the case, then the Subscription SSO plugin (also in the Plugin Gallery) is the closest match. It doesn’t require any kind of import into OJS; it allows OJS to check a simple external service for subscription status.
I’m not an expert on Shibboleth but I do know it’s used in production by community members. I’d have to defer to them on further details. As I understand it, OJS relies on an external Shibboleth service, and does not have its own built-in service provider.
There is an OpenID plugin that can be used to authenticate against an external source, and I’m sure Wordpress could also be configured to work this way. We’ve tested with Keycloak as the service provider. But again, the typical need for OJS to support both insider and outsider accounts often mitigates the usefulness of this – unless all are willing to authenticate against an industry-wide third party, such as ORCiD. ORCiD is supported as a service provider for the OpenID plugin.
Regards,
Alec Smecher
Public Knowledge Project Team
In this case, we do not want to authenticate against both inside and outside users. To restated: A user will come to a Wordpress site and authenticate. Then, they will click a provided link (on a gated webpage in that Wordpress site) that will jump them to OJS to a previously set-up user on OJS. It is much simpler than what you are suggesting. WE don’t care who is logging in as long as they are using the pre-configured/validated username (and password).
Visually (for my own sanity checking!)
User goes to WP site
User Authenticates to WP site with a username and password
User find the journal link in the gated area of the WP site.
User clicks on link, is taken to OJS and is logged in to OJS with predefined username/password.
Don’t care how long user is logged in
Do care that multiple users of the same name can long in at the same time.
Another way? Is there some type of predefined hashtag key that can be passed along with a link?
You would need something like Shibboleth or OpenID to accomplish that, but I’m afraid I can’t be much help beyond that – it’s not a common deployment pattern.
Regards,
Alec Smecher
Public Knowledge Project Team
Is there another way that we can let gated users from a Wordpress site to get access to OJS? I remember we had an online platform that had a Hash MD5 access token that could be passed to allow users to get access to that platform. Seem that you SSO plugin can help but it wants to validate against an outside database. What if that database were simply another table in the OJS databases…or a standalone. Do you have anyone on staff that wants to work on a project like this?
Thanks!