EBMS Tickets

Issue Number 80
Summary [System] Allow administrators to switch authentication method for user accounts
Created 2013-10-29 09:43:46
Issue Type Improvement
Submitted By Kline, Bob (NIH/NCI) [C]
Assigned To Kline, Bob (NIH/NCI) [C]
Status Closed
Resolved 2013-10-30 09:57:45
Resolution Fixed
Path /home/bkline/backups/jira/oceebms/issue.114301
Description

Administrators currently have the ability to select which authentication mechanism is to be used for a new EBMS account, but is unable to switch an existing account to a different authentication mechanism. Add a task link to the edit user page for "Convert to <AUTHMETHOD>"

  • This will take the admin to a form that asks for the pertinent information for that authentication type. (e.g. the authname)

  • On submission of that form the system will:

    • Clear out the user’s authmap entries. You can do this by deleting the rows for that user. You may be able to do 'user_set_authmaps($acct_id, FALSE)'

    • Add a row to the authmap for that type

    • Redirect the user back to the edit user page

  • On cancellation the system will:

    • Redirect the user back to the edit user page

Comment entered 2013-10-30 09:57:45 by Kline, Bob (NIH/NCI) [C]

Solution has been implemented, approved by Bryan, installed on DEV, and checked into branches in Subversion:

https://ncisvn.nci.nih.gov/svn/oce_dev/Products/Drupal/sites/all/modules/Custom/nci_edir/branches/1.1
https://ncisvn.nci.nih.gov/svn/oce_dev/Products/Drupal/sites/all/modules/Custom/nci_SSO/branches/1.2

Lauren agreed to take care of promoting the software up the tiers, as well as testing of the changes to the nci_SSO module. We need to make sure the QA team tests the changes to the nci_edir module. A test plan might look something like:

  • create a test SSO user

  • confirm that the user can log in as SSO but not edir

  • confirm that the admin edit user page includes link to switch to edir

  • switch the account to edir

  • verify that the user can log in using edir but not SSO

  • confirm that the admin edit user page includes link to switch to SSO

  • switch the user back to SSO

  • confirm that the user can log in as SSO but not edir

It will be necessary to use an LDAP entry for which we have the login credentials (I've got one); same for SSO.

Comment entered 2013-11-13 14:25:33 by Kline, Bob (NIH/NCI) [C]

These changes have been promoted to QA.

Comment entered 2014-01-03 11:28:15 by Kline, Bob (NIH/NCI) [C]

This enhancement is on PROD.

Elapsed: 0:00:00.000746