<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<meta name="description" content="My Blog">
<meta name="author" content="Ameya Advankar">
<title>My Randezvous with Tech</title>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-98730488-1', 'auto');
ga('send', 'pageview');
</script>
<!-- Bootstrap core CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="css/blog.css" rel="stylesheet">
</head>
<body>
<div class="container">
<div class="blog-header">
<h1 class="blog-title">My Randezvous with Tech</h1>
<p class="lead blog-description">A brief insight on various tech related topics</p>
</div>
<div class="row">
<div class="col-sm-8 blog-main">
<div class="blog-post">
<h2 class="blog-post-title">Light weight Identity Server</h2>
<p class="blog-post-meta">March 23rd, 2017 by <a href="#">Ameya Advankar</a></p>
<hr>
<h3>Problem Statement:</h3>
<hr>
Implement an Identity Server which provides OpenID Connect &amp; OAuth 2.0 capabilities.
<hr>
<h3>Problem Evaluation:</h3>
<hr>
<p><a href="https://www.keycloak.org" target="_blank">Keycloak</a>, an open source lightweight identity provider, was chosen as the Identity Server. Keycloak is OpenID Connect compliant and can therefore be plugged into any application that implements the API calls specified by OpenID Connect for authentication and identity management.</p>
<br>
The following factors were considered when selecting the grant flow type to implement:
<ul>
<li>The Django portal will be accessed by users via a web browser, which can be used to redirect the user to the Identity Provider's authentication page.<sup>[1]</sup></li>
<li>Users may not trust the portal enough to enter their credentials directly into it.</li>
<li>The front-end JavaScript code running in the client browser cannot be trusted to hold the user's id_token.</li>
</ul>
With the above factors in mind, the Authorization Code grant flow was selected for implementation in the Django portal.
<hr>
<h3>Detailed Solution:</h3>
<hr>
<p>While implementing the authentication mechanism in the Django portal, we had to ensure that the code was IdP agnostic, i.e. any OpenID Connect compliant IdP should be pluggable via configuration.</p>
Pictured below is the detailed flow of the implementation.
<img src="images/IdP_Architecture.png">
<p>The code implementation can be found in the develop branch of the <a href="https://github.com/airavata-courses/spring17-django-portal/tree/develop">spring17-django-portal GitHub</a> repository.</p>
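<p>The sketch below is an added example, not code from this post or from the spring17-django-portal repository. It shows the two server-side steps of the Authorization Code flow driven entirely by configuration, so that changing IdP means changing only the settings. The <code>OIDC</code> dict, its endpoint URLs, the client credentials, the session keys and both function names are assumptions made for illustration.</p>

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical IdP settings (placeholder values). In a Django project these
# would live in settings.py; pointing at another OpenID Connect IdP only
# means changing this dict.
OIDC = {
    "authorization_endpoint": "https://idp.example.org/auth",
    "token_endpoint": "https://idp.example.org/token",
    "client_id": "django-portal",
    "client_secret": "placeholder-secret",
    "redirect_uri": "https://portal.example.org/callback",
    "scope": "openid profile",
}

def build_authorization_request(session, cfg=OIDC):
    """Step 1: URL the portal redirects the browser to for login at the IdP."""
    # state ties the callback to this session; nonce is checked in the id_token.
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_uri"],
        "scope": cfg["scope"],
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    }
    return cfg["authorization_endpoint"] + "?" + urlencode(params)

def build_token_request(session, callback_url, cfg=OIDC):
    """Step 2: validate the callback, return (url, form) for the back-channel POST."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("IdP returned error: " + query["error"][0])
    expected = session.pop("oidc_state", None)  # single use: removed on first check
    received = query.get("state", [""])[0]
    if expected is None or not secrets.compare_digest(
            expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    # The code is exchanged server to server, so the id_token in the response
    # never passes through front-end JavaScript.
    form = {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": cfg["redirect_uri"],
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
    }
    return cfg["token_endpoint"], form
```

<p>The portal would POST the returned form to the token endpoint from the server and keep the resulting tokens in the server-side session.</p>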
<hr>
<h3> Conclusion </h3>
<hr>
<p>The Authorization Code grant flow was identified as the suitable flow for the Django portal. A PoC has been implemented in the <a href="https://github.com/airavata-courses/spring17-django-portal/tree/develop">spring17-django-portal GitHub</a> repository.</p>
<hr>
<h3>Associated GitHub issues</h3>
<hr>
<ul>
<li><a href="https://github.com/airavata-courses/spring17-django-portal/issues/3">Authentication using Identity Server</a></li>
</ul>
<hr>
<h3>References</h3>
<ol>
<li>S. Nakandala, H. Gunasinghe, S. Marru, and M. Pierce, <em>"Apache Airavata Security Manager: Authentication and Authorization Implementations for a Multi-Tenant eScience Framework"</em></li>
</ol>
<hr>
</div><!-- /.blog-post -->
</div><!-- /.blog-main -->
<div class="col-sm-3 col-sm-offset-1 blog-sidebar">
<div class="sidebar-module">
<script type="text/javascript" src="https://platform.linkedin.com/badges/js/profile.js" async defer></script>
<div class="LI-profile-badge" data-version="v0" data-size="medium" data-locale="en_US" data-type="vertical" data-theme="light" data-vanity="ameyaadvankar"><a class="LI-simple-link" href='https://www.linkedin.com/in/ameyaadvankar?trk=profile-badge'>Ameya Advankar</a></div>
</div>
<div class="sidebar-module">
<h4>Articles</h4>
<ul class="list-unstyled">
<li><a href="/reliableAndSecureUploads.html">Exploring tus.io</a></li>
<li><a href="/identityServer.html">Identity Server</a></li>
<li><a href="/devOpsForPortal.html">DevOps</a></li>
<li><a href="/loadbalancerDetails.html">Loadbalancer &amp; Service Discovery Setup details</a></li>
<li><a href="/">Loadbalancer &amp; Service Discovery</a></li>
</ul>
</div>
<div class="sidebar-module">
<h4>Connect</h4>
<ol class="list-unstyled">
<li><a href="https://github.com/Ameya05" target="_blank">GitHub</a></li>
<li><a href="https://www.linkedin.com/in/ameyaadvankar" target="_blank">LinkedIn</a></li>
<li><a href="https://www.facebook.com/Ameya05" target="_blank">Facebook</a></li>
</ol>
</div>
</div><!-- /.blog-sidebar -->
</div><!-- /.row -->
</div><!-- /.container -->
<footer class="blog-footer">
<p>
<a href="#">Back to top</a>
</p>
</footer>
</body>
</html>