Home - NYULibraries/pds-custom GitHub Wiki

The NYU Libraries community is made up of different users stored in different systems. These users can log in with the NYULibraries OAuth2 provider, and PDS authorizes them to log in to PDS-only applications when the user exists in Aleph.

For an (NYU-centric) PDS overview, check out this other wiki.

We've provided some slightly technical notes on our PDS architecture setup and some notes on how we configure PDS in our implementation.

We've provided some additional documentation on a PDS Session.

A Note on Identities

An identity is a set of attributes for a user from a given source. Identity attributes are used to make authorization decisions by calling systems.

In our PDS customization, identities play a central role in the authorization process. Users can have multiple identities, e.g. an NYU user has a Shibboleth identity and an Aleph identity.

Due to a limitation of Aleph, all users must have an Aleph identity. If the user doesn't have an Aleph identity (i.e. isn't in Aleph), we send her to a page explaining that she should probably contact an actual human.