OpenID Connect for Linux: Difference between revisions
From Lsdf
Jump to navigationJump to search
No edit summary |
|||
| (7 intermediate revisions by 3 users not shown) | |||
| Line 2: | Line 2: | ||
= Description = |
= Description = |
||
[[File:INDIGO_logo_transparent.png | right | frameless ]] |
|||
[[File:OpenID_logo.png | right | frameless ]] |
[[File:OpenID_logo.png | right | frameless ]] |
||
We are working in |
We are working in European scientific projects |
||
As part of this we need to enable federated single-sign-on to our systems. |
|||
INDIGO Data Cloud. As part of that there is a need to harmonize identities all over the European Federations and provide an easy to use single sing on system. |
|||
This is where you come into play! |
This is where you come into play! |
||
You will implement a service that will enable a user to login |
You will implement a PAM service that will enable a user to login into any linux service. |
||
and use those credentials to do e.g. ssh, ftp or even S3. |
|||
| ⚫ | |||
Our Idea is a RESTful service with a plugin-interface. |
|||
Plugins will be provided and implemented on a end-service base. |
|||
| ⚫ | |||
* [http://openid.net/connect/ OpenID Connect] |
* [http://openid.net/connect/ OpenID Connect] |
||
* [http://oauth.net/2/ OAuth 2.0] |
|||
* [http://jwt.io/ Json Web Tokens (JWT)] |
* [http://jwt.io/ Json Web Tokens (JWT)] |
||
| ⚫ | |||
* [https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol (LDAP)] |
|||
* Concurrency |
|||
| ⚫ | |||
* concurrency (optional) |
|||
And you will implement: |
|||
* a RESTful webservice |
|||
** multiple clients |
|||
** multiple concurrent requests |
|||
** a management GUI (e.g. a website) |
|||
* local and remote execution of code |
|||
* multiple different services that need authorization/authentication |
|||
= Goals = |
|||
* Meet the PSE Goals |
|||
** Requirement specification (Pflichtenheft) |
|||
** System Design (Systementwurf) |
|||
** Implementation (Implementierung) |
|||
** Validation (Validierung (Qualitätskontrolle/Softwaretest) |
|||
** Final Report (Projektabnahme und Abschlussveranstaltung) |
|||
* Get better knowledge about authentication and authorization |
|||
* Learn about client/server communications |
|||
* Get better at understanding of systems, designing and implementing them |
|||
* Learn about the Linux Operating System |
|||
* Have fun |
|||
=Requirements= |
=Requirements= |
||
| Line 52: | Line 23: | ||
= What we provide = |
= What we provide = |
||
* an international group of smart and fun people |
* an international group of smart and fun people |
||
* several virtual machines as playground |
* several virtual machines as playground |
||
* a PSE project that will be used for real later on |
* a PSE project that will be used for real later on |
||
= Contact = |
= Contact = |
||
[mailto: |
[mailto:hardt@kit.edu Uros.Stevanovic∂kit.edu] |
||
[mailto:benjamin.ertl@kit.edu Benjamin.Ertl∂kit.edu] |
|||
[mailto:uros.stevanovic@kit.edu Uros.Stevanovic∂kit.edu] |
|||
= Further Informations = |
|||
[http://pp.info.uni-karlsruhe.de/lehre/WS201516/pse/ Informations regarding PSE WS2015/16 (German) ] |
|||
Latest revision as of 15:33, 20 March 2018
Description
We are working in European scientific projects As part of this we need to enable federated single-sign-on to our systems.
This is where you come into play! You will implement a PAM service that will enable a user to login into any linux service.
You will be working with:
- OpenID Connect
- Json Web Tokens (JWT)
- Security Considerations
- Concurrency
Requirements
- English (all documentations/presentations will be in English)
- Linux (basic knowledge, you should have seen the command line)
- Python (basic knowledge)
- eager to learn new things
What we provide
- an international group of smart and fun people
- several virtual machines as playground
- a PSE project that will be used for real later on
