Task:Single sign-on/Status
danielwilms (Talk | contribs) (→Issues) |
danielwilms (Talk | contribs) (→Test environment setup) |
Revision as of 12:34, 7 July 2009
This wiki page gives an update on the current status of the SSO implementation for the maemo.org components. The concept behind it and the reasons for the chosen implementation can be found here: Task:Single_sign-on
Discuss it!
If you have suggestions, ideas, comments or questions, feel free to join #maemo-meeting, 27.05. 12:00 UTC
In short - the main results of the meeting
Besides a general status update, here are the main results of the meeting in a few words:
User management
- Centralised in one component
- Implemented on top of Midgard
- Infrastructure and UI already there
- Only modifications instead of a rebuild from scratch
- Stored in an LDAP directory
- Applications...
  - ...request the data from the user management system
  - ...still have their own local database
  - ...offer an endpoint which the user management system can ping to inform them that user data has changed
Data merging
- First proposal: 2-way merge, but there is a problem with talk, as it is mostly different from the rest
- Better (or additionally): at the first login into the new system, request the user to specify the user names and passwords of all components and merge them under the new account
Keep informed
Here, in the monthly sprints and on my blog, you can always get the newest information on the topic. In a couple of weeks we will meet again to discuss the status. I hope there will be a lively discussion in the meantime to get new ideas, comments and suggestions.
Test environment setup
Here you find the current status of the test environment. It is not meant for testing, but it should show what the status is right now.
Authentication Server
- Instance of CAS running on the test server
- Apache Tomcat used as servlet container
- Secure connection
- Self-signed certificate used for testing purposes
- LDAP directory used for user authentication (running on virtual machine)
MediaWiki
- Instance of MediaWiki running on the test server
- Apache web server used to host the wiki
- CAS authentication integrated
- User can log in and log out using CAS
- Single sign-out now working
GForge
- Instance hosted by Apache web server running in the test environment
- Integration ongoing
User Management System
- Abstracted from the other components
- Should contain all the user related data
- Applications could request data from it
- Right now just a UI as a user registry
Issues
- ISSUE: LDAP/registry is not accessed over a secure connection
Next steps
- Full integration of GForge
- Concept for user data management -> apart from CAS
- Merging of the different user databases (bugzilla, talk, midgard)
- Midgard integration
- Getting Wiki, Midgard, GForge into shape for public testing
Future Plans
- Integration of bugzilla, talk
Open Questions
- How should the application get the data from the user management system?
  - First possibility:
    - Just UI to register user and update data
    - Other components get data by LDAP-access
  - Second idea:
    - Web UI for user
    - REST API for applications