Hi!
We’re currently using LDAP authentication with OJS and I’ve been told that OJS ships with out of the box SAML support, but I can’t find any information on this. Is this is accurate? Does anyone have it setup? We use Ping Federate and are trying to decide whether to turn off our LDAP authentication (and rely on OJS local auth) or upgrade to SAML SSO as part of a move to remote hosting with PKP.
We’re on OJS 2.4.2.
Thanks,
Suzy
Check out the Shibboleth plugin.
Configuration on the OJS side is largely done in config.inc.php:
You will also need your webserver to be configured (e.g. Apache with mod_shib)
Thanks, I’ll send to our authentication team and get some advice. Do you know if this works with multiple domain names? We have a multi journal install with separate domains for each journal i.e. not sub domains.
If using the Linux NativeSP, I know from personal experience that you can attach this via mod_shib to multiple Apache name-based VirtualHosts. Note that the implict auth config happens at the OJS site install level, so if you had divergent configuration parameters for individual journals (for example, JournalA uses WAYF #1, but JournalB uses WAYF #2), these would need to be housed in different OJS installs.