Login to join this discussion, or follow the forum conversation!
We're trying to get a sense of potential use cases for external (non-UC account holders) who might need access to Nuxeo. Do you have any scenarios in which you would like to work with a community partner on items that are in Nuxeo? Perhaps they'd like to interact directly through Nuxeo, or can offer descriptive insight?
In this case, is Shibboleth (or single sign-on) a blocker for getting community partners directly involved?
We'd love to get your input on this. Single sign-on was a huge priority for campuses when we were first getting into Nuxeo, but real life implementation might reveal new practices and project opportunities we didn't consider or realize a few years back.
What are your thoughts on doing away with Shibboleth? This would create a burden of account setup and management at the campus level, though we could try to contain it through the implementation of group permissions.
All thoughts, ideas, considerations, suggestions, feedback welcome! Thanks!
I'd be curious to know more about why single sign-on was such a high priority in the past. This is something I've heard before, but from my perspective it seems like a nice-to-have convenience at best. Maybe there's something I'm missing.
For us at UCR, not being able to create Nuxeo accounts for community partners hasn't been a blocker to undertaking projects. But it is a definite pain point that translates to more time spent coming up with work-around strategies and mediating contributions. I also think it probably makes our relationships with those partners less transparent and equitable than they could be when they don't directly have access to the DAMS that their collections are going into.
We now have the following item on our Nuxeo roadmap: https://trello.com/c/Qs6Ov5ap . We have been contacting key contacts at UC campus libraries, who directly work with Nuxeo, to understand the implications and pros/cons of transitioning from Shibboleth-based authentication to using Nuxeo's built-in authentication.