Ticket #983 (closed task: fixed)
[S] NDG OpenID Provider
| Reported by: | pjkersha | Owned by: | pjkersha |
|---|---|---|---|
| Priority: | required | Milestone: | NDG3 |
| Component: | security | Version: | |
| Keywords: | OMII-UK, security | Cc: | |
Description
Implement an OpenID Provider service (aka Identity Provider). This continues the work from #931 and is required for the collaboration with Earth System Grid for IPCC AR5. OpenID is the chosen authentication mechanism for ESG and ESG-NDG single sign-on.
#931 enabled any given NDG site to act as a Relying Party. An NDG OpenID Provider service will complete the two sides of the interface and OpenID-enable NDG site user accounts.
Change History
comment:1 Changed 13 years ago by pjkersha
- Status changed from new to assigned
- Type changed from defect to task
comment:3 Changed 12 years ago by pjkersha
- Added templating support with a buffet-based plugin to the OpenIDProvider rendering interface. Other rendering interface classes can be added as required. The kid-based rendering interface is now independent of the Pylons project framework and can be deployed independently.
- Added an abstract user authentication interface with example basic authN and Session Manager based interfaces. The latter means that OpenID signin can be against a Session Manager's Authentication call. On signin a link is made to a Session Manager instance and a session and wallet created for the user.
- TODO: add SSL Client Authentication as required for ESG collaboration.
  - investigating solution using an SSL Client middleware implementation deployed with mod_wsgi so that it can access SSL environ variables set by Apache's SSL handling.
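
The SSL client middleware approach mentioned in the TODO above, as an added example that is not from the ticket or the NDG code base: a WSGI middleware that passes a request on only when Apache's mod_ssl reports a verified client certificate. It assumes `SSLOptions +StdEnvVars` is enabled so that `SSL_CLIENT_VERIFY` and `SSL_CLIENT_S_DN` reach the environ under mod_wsgi; the class name, `DN_KEY`, the `call` and `whoami` helpers and the sample DN are constructed for illustration.

```python
# Added example: WSGI middleware that authenticates on Apache mod_ssl variables.
# Assumes Apache performs the TLS handshake (SSLVerifyClient) and exports
# SSL_CLIENT_* into the environ (SSLOptions +StdEnvVars) under mod_wsgi.
DN_KEY = "example.ssl_client_dn"  # hypothetical environ key for downstream apps


def verified_client_dn(environ):
    """Return the certificate subject DN if Apache verified it, else None."""
    if environ.get("wsgi.url_scheme") != "https":
        return None
    # mod_ssl sets NONE, SUCCESS, GENEROUS or FAILED:<reason>. GENEROUS means
    # the chain was not validated (optional_no_ca), so only SUCCESS is accepted.
    # Request headers arrive as HTTP_* keys and are deliberately never consulted.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    return environ.get("SSL_CLIENT_S_DN", "").strip() or None


class SSLClientAuthNMiddleware:
    def __init__(self, app, allowed_dns=None):
        self.app = app
        # None means any certificate Apache verified is accepted
        self.allowed_dns = None if allowed_dns is None else frozenset(allowed_dns)

    def __call__(self, environ, start_response):
        dn = verified_client_dn(environ)
        if dn is None or (self.allowed_dns is not None and dn not in self.allowed_dns):
            body = b"Valid SSL client certificate required\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        environ[DN_KEY] = dn  # exact string; DN formatting depends on Apache config
        return self.app(environ, start_response)


def call(app, environ):
    """Drive a WSGI app once and return (status line, body bytes)."""
    seen = {}
    body = b"".join(app(environ, lambda status, headers, exc_info=None:
                        seen.update(status=status)))
    return seen["status"], body


def whoami(environ, start_response):
    """Constructed downstream app standing in for the OpenID Provider."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ[DN_KEY].encode()]


# Constructed sample environ, as mod_wsgi would pass it after a verified handshake
SAMPLE = {"wsgi.url_scheme": "https", "SSL_CLIENT_VERIFY": "SUCCESS",
          "SSL_CLIENT_S_DN": "/O=Example/OU=Test/CN=alice"}
```
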
Adapted Python OpenID simple server example and converted into WSGI Middleware. TODO: