OpenID Connect for Linux: Difference between revisions
From Lsdf
Jump to navigationJump to search
No edit summary |
|||
(20 intermediate revisions by 3 users not shown) | |||
Line 3: | Line 3: | ||
= Description = |
= Description = |
||
[[File:OpenID_logo.png | right | frameless ]] |
[[File:OpenID_logo.png | right | frameless ]] |
||
We are working |
We are working in European scientific projects |
||
As part of this we need to enable federated single-sign-on to our systems. |
|||
INDIGO Data Cloud. As part of that there is a need to harmonize identities all over the European Federations and provide an easy to use single sing on system. |
|||
This is where you come into play! |
This is where you come into play! |
||
You will implement a service that will enable a user to login |
You will implement a PAM service that will enable a user to login into any linux service. |
||
and use those credentials to do e.g. ssh, ftp or even S3. |
|||
⚫ | |||
Our Idea is a RESTful service with a plugin-interface. |
|||
Plugins will be provided and implemented on a end-service base. |
|||
⚫ | |||
* [http://openid.net/connect/ OpenID Connect] |
* [http://openid.net/connect/ OpenID Connect] |
||
* [http://oauth.net/2/ OAuth 2.0] |
|||
* [http://jwt.io/ Json Web Tokens (JWT)] |
* [http://jwt.io/ Json Web Tokens (JWT)] |
||
* [https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol (LDAP)] |
|||
* Security Considerations |
* Security Considerations |
||
* Concurrency |
|||
And you will implement: |
|||
* a RESTful webservice |
|||
* remote execution of code, e.g. using a ssh-connection (could be by using [http://www.ansible.com/ Anisble]) |
|||
* multiple different plugins for the services that need authorization/authentication |
|||
= Goals = |
|||
* Meet the PSE Goals |
|||
** Requirement specification (Pflichtenheft) |
|||
** System Design (Systementwurf) |
|||
** Implementation (Implementierung) |
|||
** Validation (Validierung (Qualitätskontrolle/Softwaretest)) |
|||
** Projektabnahme und Abschlussveranstaltung |
|||
* Get better knowledge about authentication and authorization |
|||
* Learn about client/server communication |
|||
* Get better at coding / maybe learn a new language |
|||
* Learn about the Linux Operating System |
|||
* Have fun |
|||
=Requirements= |
=Requirements= |
||
* English ( |
* English (all documentations/presentations will be in English) |
||
* Linux (basic knowledge, you should have seen the command line) |
* Linux (basic knowledge, you should have seen the command line) |
||
* Python (basic knowledge) |
* Python (basic knowledge) |
||
* Erlang (optional) |
|||
* eager to learn new things |
* eager to learn new things |
||
= What we provide = |
= What we provide = |
||
* |
* an international group of smart and fun people |
||
* several virtual machines as playground |
* several virtual machines as playground |
||
* a PSE project that will be used for real later on |
* a PSE project that will be used for real later on |
||
= Contact = |
= Contact = |
||
[mailto: |
[mailto:hardt@kit.edu Uros.Stevanovic∂kit.edu] |
||
[mailto:benjamin.ertl@kit.edu Benjamin.Ertl∂kit.edu] |
|||
[mailto:uros.stevanovic@kit.edu Uros.Stevanovic∂kit.edu] |
|||
= Further Informations = |
|||
[http://pp.info.uni-karlsruhe.de/lehre/WS201516/pse/ Informations regarding PSE WS2015/16 (German) ] |
Latest revision as of 15:33, 20 March 2018
Description
We are working in European scientific projects As part of this we need to enable federated single-sign-on to our systems.
This is where you come into play! You will implement a PAM service that will enable a user to login into any linux service.
You will be working with:
- OpenID Connect
- Json Web Tokens (JWT)
- Security Considerations
- Concurrency
Requirements
- English (all documentations/presentations will be in English)
- Linux (basic knowledge, you should have seen the command line)
- Python (basic knowledge)
- eager to learn new things
What we provide
- an international group of smart and fun people
- several virtual machines as playground
- a PSE project that will be used for real later on