Re: [kapua-dev] SSO user handling

Hi Jens,


you're right, this has to be finalised.


The way it will work for the multi tenancy is the following. In the standard login page there will be a new link "Register new account" (account here equals "tenant"). An account registration page will appear. The requester will have to define the owner of the new account. There will be two options: the owner is a local (auth by Kapua) user or the owner is an SSO authenticated user. After the owner is defined, the requester will fill in other account information, the name of the account, the organization name, etc. Then the request is submitted and the account is created along with the defined owner. The owner will be associated with an admin role.

The requester will then log in to Kapua with the credentials defined above.

If a new user needs to be added to an existing account, the administrator has to manage the request by adding the user in the account. Auto registration of users in an existing account is unlikely to happen in real world deployments but could be interesting for demo env.

For a single tenant your proposal can simplify a lot, so we should also consider it for a first implementation. 


As for the multiple SSO (per account) feature. Yeah I agree, we should consider it for the near future.

 

Stefano
  


From: kapua-dev-bounces@xxxxxxxxxxx <kapua-dev-bounces@xxxxxxxxxxx> on behalf of Jens Reimann <jreimann@xxxxxxxxxx>
Sent: Tuesday, April 11, 2017 2:38 PM
To: kapua developer discussions
Subject: [kapua-dev] SSO user handling
 
Hi everyone,

after playing around with the SSO integration of Kapua I am a bit puzzled how the integration should actually work.

Now I have the SSO setup running, but when I got authorized, Kapua logs me in as "kapua-sys" and not as the user I was registered.

I would have expected at least to get a new user provisioned automatically during the process, based on my e-mail address.

Looking at the bigger picture however, I also think that, for multi-tenancy, there should be a way to integrate with different SSO providers. Making them configurable at run time for each tenant.

For non-multi-tenant setups, it would be sufficient to create a new user and place it under a default (configurable) account.

Cheers

Jens

--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________

Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
