Loading sub-menu...

UVigo CAS, LDAP and PuMuKit integration


The University of Vigo (UVigo) is the leading institution in the ambitious project Campus do Mar (Sea Campus), to create a campus of excellence about the oceans, from a multidisciplinary and international perspective.

Campus do Mar has a WebTV service (tv.campusdomar.es) where the many conferences and lectures recorded are made available to specific addressees --most of videos are public, but others may have restricted access to certain individuals or groups.

This WebTV is powered by Matterhorn, but the frontend is generated by UVigo's own home-made media management system: PuMuKit.

Thus, we were facing two distinct problems:

  • Integrating Matterhorn and PuMuKit so that the latter could somehow harvest the videos from the former.
  • Coordinating both systems to control the access to the videos.

Integrating Matterhorn & PuMuKit

Most of the changes were done in PuMuKit:

  • Internally, PuMuKit classifies contents in "Multimedia Objects", which are roughly equivalent to Matterhorn Mediapackages. So, PuMuKit's database was modified to include a new different type of multimedia object --Matterhorn MM Objects.
  • Then a new interface for administrators was developed in PuMuKit, so that they can search and import videos by using Matterhorn's services.
  • PuMuKit frontend was modified so that its standard played is replaced by an embedded Matterhorn player when a Matterhorn video is requested.

The changes in Matterhorn consisted of modifying the file watch.html in Matterhorn engage player, so that a normal version of the player could be embedded (since the default embedded version is rather limited for our purposes).

Steps to Protect the Access to the Videos

As PuMuKit is in the front end and provides access rights management, it seems that it should be managed exclusively in PuMuKit, since Matterhorn URLs are never exposed directly to the user. However, unauthorized users would still get the player page with an empty iframe, and even though it is not shown explicitly, the http source contains the URL of the video in Matterhorn. Thus, authentication must be synchronized in both Matterhorn and PuMuKit by using CAS.

Matterhorn was adapted to use CAS by using the instructions described at the bottom of this page. Release 1.2 handles the sign out incorrectly, and it had to be fixed by modifying the Spring Security configuration accordingly.

Also, an OpenLDAP server was set up to feed the CAS server, Matterhorn and PuMuKit.

Here you can see some pics with the final result:


Skip to end of metadata
Go to start of metadata