Task:Single sign-on/Status

This wiki page gives an update on the current status of the SSO implementation for the maemo.org components. The concept behind it and the reasons for the chosen implementation can be found here: Task:Single_sign-on

Discuss it!

If you have suggestions, ideas, comments or questions, feel free to join #maemo-meeting, 27.05. 12:00 UTC

In short - the main results of the meeting

Besides a general status update, here are, in a few words, the main results of the meeting:

User management

  • Centralised in one component
  • Implemented on top of Midgard
    • Infrastructure and UI already there
    • Only modifications instead of rebuild from scratch
  • Stored in an LDAP directory
  • Applications...
    • ...request the data from the user management system
    • ...still have their own, local database
    • ...offer an endpoint that the user management system can ping to inform them that user data has changed
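
One way an application's notification endpoint could work, as an added example that is not maemo.org code: the ping only names the user, and the application then requests the record from the user management system (UMS). The HMAC shared key, the timestamp checks and all names (`sign_ping`, `LocalUserStore`, `fetch_user`) are assumptions, not decisions from the meeting.

```python
import hashlib
import hmac
import time

SHARED_KEY = b"constructed-demo-key"  # assumption: per-application secret shared with the UMS
MAX_SKEW = 300                        # assumption: accept pings at most 5 minutes old


def sign_ping(username, timestamp, key=SHARED_KEY):
    """Signature the UMS would attach to its ping (hypothetical scheme)."""
    msg = f"{username}\n{timestamp}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class LocalUserStore:
    """Stands in for an application's own, local user database."""

    def __init__(self, fetch_user):
        self.fetch_user = fetch_user  # callable that asks the UMS for one user's record
        self.users = {}
        self.last_seen = {}           # username -> newest accepted ping timestamp

    def handle_ping(self, username, timestamp, signature, now=None):
        """Endpoint logic: verify the ping, then pull the record from the UMS."""
        now = time.time() if now is None else now
        expected = sign_ping(username, timestamp)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "rejected: bad signature"
        if abs(now - timestamp) > MAX_SKEW:
            return "rejected: stale"
        if timestamp <= self.last_seen.get(username, 0):
            return "rejected: replay"
        self.last_seen[username] = timestamp
        record = self.fetch_user(username)  # data comes from the UMS, never from the ping
        if record is None:
            self.users.pop(username, None)  # user was removed centrally
            return "deleted"
        self.users[username] = record
        return "updated"


if __name__ == "__main__":
    ums = {"alice": {"mail": "alice@example.org"}}  # constructed sample data
    store = LocalUserStore(ums.get)
    ts = int(time.time())
    print(store.handle_ping("alice", ts, sign_ping("alice", ts)))  # accepted ping
    print(store.handle_ping("alice", ts, sign_ping("alice", ts)))  # same ping replayed
```
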

Data merging

  • First proposal: 2-way merge, but talk is a problem, as it is mostly different from the rest
  • Better (or additionally): on first login to the new system, ask the user to specify the user names and passwords of all components and merge them under the new account

Keep informed

Here, in the monthly sprints and on my blog, you can always get the newest information on the topic. In a couple of weeks we will meet again to discuss the status. I hope there will be a lively discussion in the meantime to get new ideas, comments and suggestions.

Test environment setup

Here you find the current status of the test environment. It is not meant for testing, but it should inform about the status right now.

Image:Architecture_test_envi.jpg

Authentication Server

  • Instance of CAS running on the test server
  • Apache Tomcat used as servlet container
  • Secure connection
  • Self-signed certificate used for testing purposes
  • LDAP directory used for user authentication (running on virtual machine)


Mediawiki

  • Instance of MediaWiki running on the test server
  • Apache web server used to host the wiki
  • CAS authentication integrated
  • Users can log in and log out using CAS


GForge

  • Instance hosted by Apache web server running in test environment
  • Integration ongoing


User Management System

  • Abstracted from the other components
  • Should contain all the user related data
  • Applications could request data from it
  • Right now just a UI as a user registry


Issues

  • ISSUE: Wiki: no anonymous reading allowed right now
  • ISSUE: LDAP/registry not over secure connection
  • ISSUE: Single sign out not implemented yet for wiki


Next steps

  • Full integration of GForge
  • Concept for user data management -> apart from CAS
    • Merging of the different user databases (Bugzilla, talk, Midgard)
  • Midgard integration
  • Getting Wiki, Midgard, GForge in a shape for public testing


Future Plans

  • Integration of Bugzilla, talk


Open Questions

  • How should the application get the data from the user management system?
    • First possibility:
      • Just UI to register user and update data
      • Other components get data by LDAP-access
    • Second idea:
      • Web UI for user
      • REST API for applications