...

Users authenticate to COmanage Registry using a federated identity. The Registry itself does not provide nor directly manage any particular federated identity authentication protocol but simply reads the Apache REMOTE_USER CGI environment variable for a user identifier. REMOTE_USER is expected to be populated using some federated identity technology. Common deployment patterns use the Shibboleth Native SP for Apache HTTP Server, SimpleSAMLphp, and mod_auth_openidc. Other user identifiers and user information may be consumed from other CGI environment variables.

After COmanage Registry authenticates a user by consuming REMOTE_USER the user identity is persisted across requests to the application using standard PHP session handling functionality. Specifically any session provided by the federated identity integration (eg. Shibboleth SP) is not required

Common Deployment Pattern

...