10.19.1 Trusted Application Authentication
Description
The "Trusted Application Authentication Scheme" (or 'trusted' scheme, as we will call it) is an authentication scheme that can be used when you don't want the repository to handle authentication, but rather you trust the client applications (the Daisy wiki or another custom application). Hence the name: the repository trusts the application.
Important security notice
The "Trusted Authentication Scheme" is inherently unsafe, and should only be used if the communication between the trusted application and the repository cannot be intercepted.
Configuration
See myconfig.xml for a configuration example. Uncomment the sample 'trusted-auth' scheme and configure the application 'keys'. You can have multiple keys if you have multiple trusted applications. To configure the wiki, see the
Implementation Detail
In this authentication scheme, each user's password is computed as md5sum(username + applicationkey). An attacker who finds out the application key can become any user he wants, so pick a good (long) string.
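The derivation above, written out as an added example (not code from Daisy itself), shows why both the key and the channel need protection: the computed password is fixed per user, and it depends on nothing secret except the application key. The function names, the UTF-8 encoding and the lowercase hex output are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import secrets


def trusted_password(username: str, application_key: str) -> str:
    """md5sum(username + applicationkey), as described in this section.

    Assumption: UTF-8 input and lowercase hex output.
    """
    return hashlib.md5((username + application_key).encode("utf-8")).hexdigest()


def verify(username: str, presented: str, application_key: str) -> bool:
    """Repository-side check: recompute the value and compare in constant time."""
    expected = trusted_password(username, application_key)
    return hmac.compare_digest(expected.encode("utf-8"), presented.encode("utf-8"))


def generate_application_key(nbytes: int = 32) -> str:
    """A 'good (long) string': 32 random bytes from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(nbytes)


def demo() -> dict:
    key = generate_application_key()       # constructed sample key
    first = trusted_password("alice", key)  # "alice" and "bob" are constructed user names
    second = trusted_password("alice", key)
    return {
        # No nonce or timestamp goes into the hash, so the value never changes.
        # A value observed on the wire stays valid until the key is replaced.
        "static_per_user": first == second,
        # The key is the only secret input: whoever holds it can compute the
        # password of every user name, which is what "trusted application" means.
        "bob_accepted": verify("bob", trusted_password("bob", key), key),
        # A value computed for one user is not accepted for another.
        "alice_value_for_bob": verify("bob", first, key),
        "key_length": len(key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Changing an application key changes every derived password at once, so a key suspected of exposure has to be replaced in both the repository configuration and the trusted application.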