Ticket #983 (closed task: fixed)

Opened 11 years ago

Last modified 10 years ago

[S] NDG OpenID Provider

Reported by: pjkersha Owned by: pjkersha
Priority: required Milestone: NDG3
Component: security Version:
Keywords: OMII-UK, security Cc:

Description

Implement an OpenID Provider service (aka Identity Provider). This continues the work from #931 and is required for the collaboration with Earth System Grid for IPCC AR5. OpenID is the chosen authentication mechanism for ESG and ESG - NDG single sign on.

#931 enabled any given NDG site to act as a Relying Party. An NDG OpenID Provider service will complete the two sides of the interface and OpenID enable NDG site user accounts.

Change History

comment:1 Changed 11 years ago by pjkersha

  • Status changed from new to assigned
  • Type changed from defect to task

Adapted Python OpenID simple server example and converted into WSGI Middleware. TODO:

  • Add templating support
  • integrate AuthKit and user database.

comment:2 Changed 11 years ago by pjkersha

  • Keywords OMII-UK, security added

comment:3 Changed 11 years ago by pjkersha

  • added templating support with a buffet based plugin to the OpenIDProvider rendering interface. Other rendering interface classes can be added as required. The kid based rendering interface is now independent of the Pylons project framework and can be deployed as an independently.
  • Added an abstract user authentication interface with example basic authN and Session Manager based interfaces. The latter means that OpenID signin can be against a Session Manager's Authentication call. On signin a link is made to a Session Manager instance and a session and wallet created for the user.
  • TODO: add SSL Client Authentication as required for ESG collaboration. - investigating solution using an SSL Client middleware implementation deployed with mod_wsgi so that it can access SSL environ variables set by Apache's SSL handling.

comment:4 Changed 10 years ago by pjkersha

  • Milestone changed from OMII-UK: Integration with other security technologies to NDG3

Moved to MSI following OMII-UK prtoject close.

comment:5 Changed 10 years ago by pjkersha

  • Status changed from assigned to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.