From scnakand...@apache.org
Subject [1/3] airavata git commit: adding KeyCloak based security manager
Date Mon, 03 Apr 2017 17:50:22 GMT
Repository: airavata
Updated Branches:
  refs/heads/develop 5100c07db -> 048a11bab


adding KeyCloak based security manager


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/4ec28232
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/4ec28232
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/4ec28232

Branch: refs/heads/develop
Commit: 4ec282320f267729c9c8b7138667c092d8f98035
Parents: 6bc536f
Author: scnakandala <supun.nakandala@gmail.com>
Authored: Mon Apr 3 13:48:59 2017 -0400
Committer: scnakandala <supun.nakandala@gmail.com>
Committed: Mon Apr 3 13:48:59 2017 -0400

----------------------------------------------------------------------
 .../security/KeyCloakSecurityManager.java       | 286 +++++++++++++++++++
 .../apache/airavata/common/utils/Constants.java |   2 +
 .../airavata/common/utils/ServerSettings.java   |   9 +
 .../main/resources/airavata-server.properties   |   5 +
 .../src/main/resources/client_truststore.jks    | Bin 2423 -> 3740 bytes
 5 files changed, 302 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
new file mode 100644
index 0000000..bd1c90b
--- /dev/null
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/security/KeyCloakSecurityManager.java
@@ -0,0 +1,286 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+*/
+package org.apache.airavata.api.server.security;
+
+import org.apache.airavata.api.server.security.authzcache.*;
+import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.common.utils.Constants;
+import org.apache.airavata.common.utils.ServerSettings;
+import org.apache.airavata.credential.store.client.CredentialStoreClientFactory;
+import org.apache.airavata.credential.store.cpi.CredentialStoreService;
+import org.apache.airavata.credential.store.exception.CredentialStoreException;
+import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile;
+import org.apache.airavata.model.credential.store.PasswordCredential;
+import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.registry.api.RegistryService;
+import org.apache.airavata.registry.api.client.RegistryServiceClientFactory;
+import org.apache.airavata.registry.api.exception.RegistryServiceException;
+import org.apache.airavata.security.AiravataSecurityException;
+import org.apache.airavata.security.util.TrustStoreManager;
+import org.apache.thrift.TException;
+import org.json.JSONArray;
+import org.json.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class KeyCloakSecurityManager implements AiravataSecurityManager {
+    private final static Logger logger = LoggerFactory.getLogger(KeyCloakSecurityManager.class);
+
+    private HashMap<String, String> rolePermissionConfig = new HashMap<>();
+
+
+    public KeyCloakSecurityManager() throws AiravataSecurityException {
+        rolePermissionConfig.put("admin", "/airavata/.*");
+        rolePermissionConfig.put("gateway-provider", "/airavata/.*");
+        rolePermissionConfig.put("admin-read-only", "/airavata/getSSHPubKey|/airavata/getAllGatewaySSHPubKeys"
+
+                "|/airavata/getAllGatewayPWDCredentials|/airavata/getApplicationModule|/airavata/getAllAppModules"
+
+                "|/airavata/getApplicationDeployment|/airavata/getAllApplicationDeployments|/airavata/getAppModuleDeployedResources"
+
+                "|/airavata/getStorageResource|/airavata/getAllStorageResourceNames|/airavata/getSCPDataMovement"
+
+                "|/airavata/getUnicoreDataMovement|/airavata/getGridFTPDataMovement|/airavata/getResourceJobManager"
+
+                "|/airavata/deleteResourceJobManager|/airavata/getGatewayResourceProfile|/airavata/getGatewayComputeResourcePreference"
+
+                "|/airavata/getGatewayStoragePreference|/airavata/getAllGatewayComputeResourcePreferences"
+
+                "|/airavata/getAllGatewayStoragePreferences|/airavata/getAllGatewayResourceProfiles|/airavata/getAPIVersion"
+
+                "|/airavata/getNotification|/airavata/getAllNotifications|/airavata/createProject|/airavata/updateProject"
+
+                "|/airavata/getProject|/airavata/deleteProject|/airavata/getUserProjects|/airavata/searchProjectsByProjectName"
+
+                "|/airavata/searchProjectsByProjectDesc|/airavata/searchExperimentsByName|/airavata/searchExperimentsByDesc"
+
+                "|/airavata/searchExperimentsByApplication|/airavata/searchExperimentsByStatus|/airavata/searchExperimentsByCreationTime"
+
+                "|/airavata/searchExperiments|/airavata/getExperimentStatistics|/airavata/getExperimentsInProject"
+
+                "|/airavata/getUserExperiments|/airavata/createExperiment|/airavata/deleteExperiment|/airavata/getExperiment"
+
+                "|/airavata/getDetailedExperimentTree|/airavata/updateExperiment|/airavata/updateExperimentConfiguration"
+
+                "|/airavata/updateResourceScheduleing|/airavata/validateExperiment|/airavata/launchExperiment"
+
+                "|/airavata/getExperimentStatus|/airavata/getExperimentOutputs|/airavata/getIntermediateOutputs"
+
+                "|/airavata/getJobStatuses|/airavata/getJobDetails|/airavata/cloneExperiment|/airavata/terminateExperiment"
+
+                "|/airavata/getApplicationInterface|/airavata/getAllApplicationInterfaceNames|/airavata/getAllApplicationInterfaces"
+
+                "|/airavata/getApplicationInputs|/airavata/getApplicationOutputs|/airavata/getAvailableAppInterfaceComputeResources"
+
+                "|/airavata/getComputeResource|/airavata/getAllComputeResourceNames|/airavata/getWorkflow|/airavata/getWorkflowTemplateId"
+
+                "|/airavata/isWorkflowExistWithName|/airavata/registerDataProduct|/airavata/getDataProduct|/airavata/registerReplicaLocation"
+
+                "|/airavata/getParentDataProduct|/airavata/getChildDataProducts");
+        rolePermissionConfig.put("gateway-user", "/airavata/getAPIVersion|/airavata/getNotification|/airavata/getAllNotifications|"
+
+                "/airavata/createProject|/airavata/updateProject|/airavata/getProject|/airavata/deleteProject|/airavata/getUserProjects|"
+
+                "/airavata/searchProjectsByProjectName|/airavata/searchProjectsByProjectDesc|/airavata/searchExperimentsByName|"
+
+                "/airavata/searchExperimentsByDesc|/airavata/searchExperimentsByApplication|/airavata/searchExperimentsByStatus|"
+
+                "/airavata/searchExperimentsByCreationTime|/airavata/searchExperiments|/airavata/getExperimentStatistics|"
+
+                "/airavata/getExperimentsInProject|/airavata/getUserExperiments|/airavata/createExperiment|/airavata/deleteExperiment|"
+
+                "/airavata/getExperiment|/airavata/getDetailedExperimentTree|/airavata/updateExperiment|/airavata/updateExperimentConfiguration|"
+
+                "/airavata/updateResourceScheduleing|/airavata/validateExperiment|/airavata/launchExperiment|/airavata/getExperimentStatus|"
+
+                "/airavata/getExperimentOutputs|/airavata/getIntermediateOutputs|/airavata/getJobStatuses|/airavata/getJobDetails|"
+
+                "/airavata/cloneExperiment|/airavata/terminateExperiment|/airavata/getApplicationInterface|/airavata/getAllApplicationInterfaceNames|"
+
+                "/airavata/getAllApplicationInterfaces|/airavata/getApplicationInputs|/airavata/getApplicationOutputs|"
+
+                "/airavata/getAvailableAppInterfaceComputeResources|/airavata/getComputeResource|/airavata/getAllComputeResourceNames|"
+
+                "/airavata/getWorkflow|/airavata/getWorkflowTemplateId|/airavata/isWorkflowExistWithName|/airavata/registerDataProduct|"
+
+                "/airavata/getDataProduct|/airavata/registerReplicaLocation|/airavata/getParentDataProduct|/airavata/getChildDataProducts");
+
+        initializeSecurityInfra();
+    }
+
+    /**
+     * Implement this method in your SecurityManager to perform necessary initializations
at the server startup.
+     *
+     * @throws AiravataSecurityException
+     */
+    @Override
+    public void initializeSecurityInfra() throws AiravataSecurityException {
+        try {
+            //initialize SSL context with the trust store that contains the public cert of
WSO2 Identity Server.
+            TrustStoreManager trustStoreManager = new TrustStoreManager();
+            trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
+                    ServerSettings.getTrustStorePassword());
+        } catch (Exception e) {
+            throw new AiravataSecurityException(e.getMessage(), e);
+        }
+
+    }
+
+    /**
+     * Implement this method with the user authentication/authorization logic in your SecurityManager.
+     *
+     * @param authzToken : this includes OAuth token and user's claims
+     * @param metaData   : this includes other meta data needed for security enforcements.
+     * @return
+     * @throws AiravataSecurityException
+     */
+    @Override
+    public boolean isUserAuthorized(AuthzToken authzToken, Map<String, String> metaData)
throws AiravataSecurityException {
+        String subject = authzToken.getClaimsMap().get(Constants.USER_NAME);
+        String accessToken = authzToken.getAccessToken();
+        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+        String action = metaData.get(Constants.API_METHOD_NAME);
+        try {
+            if (!ServerSettings.isAPISecured()) {
+                return true;
+            }
+
+            if (ServerSettings.isAuthzCacheEnabled()) {
+                //obtain an instance of AuthzCacheManager implementation.
+                AuthzCacheManager authzCacheManager = AuthzCacheManagerFactory.getAuthzCacheManager();
+
+                //check in the cache
+                AuthzCachedStatus authzCachedStatus = authzCacheManager.getAuthzCachedStatus(
+                        new AuthzCacheIndex(subject, gatewayId, accessToken, action));
+
+                if (AuthzCachedStatus.AUTHORIZED.equals(authzCachedStatus)) {
+                    logger.debug("Authz decision for: (" + subject + ", " + accessToken +
", " + action + ") is retrieved from cache.");
+                    return true;
+                } else if (AuthzCachedStatus.NOT_AUTHORIZED.equals(authzCachedStatus)) {
+                    logger.debug("Authz decision for: (" + subject + ", " + accessToken +
", " + action + ") is retrieved from cache.");
+                    return false;
+                } else if (AuthzCachedStatus.NOT_CACHED.equals(authzCachedStatus)) {
+                    logger.debug("Authz decision for: (" + subject + ", " + accessToken +
", " + action + ") is not in the cache. " +
+                            "Obtaining it from the authorization server.");
+                    String[] roles = getUserRolesFromOAuthToken(subject, accessToken, gatewayId);
+                    boolean authorizationDecision = hasPermission(roles, action);
+                    //cache the authorization decision
+                    long currentTime = System.currentTimeMillis();
+                    //TODO get the actual token expiration time
+                    authzCacheManager.addToAuthzCache(new AuthzCacheIndex(subject, gatewayId,
accessToken, action),
+                            new AuthzCacheEntry(authorizationDecision, currentTime + 1000
* 60 * 60, currentTime));
+                    return authorizationDecision;
+                } else {
+                    //undefined status returned from the authz cache manager
+                    throw new AiravataSecurityException("Error in reading from the authorization
cache.");
+                }
+            } else {
+                String[] roles = getUserRolesFromOAuthToken(subject, accessToken, gatewayId);
+                return hasPermission(roles, action);
+            }
+
+        } catch (ApplicationSettingsException e) {
+            e.printStackTrace();
+            throw new AiravataSecurityException(e.getMessage(), e);
+        } catch (Exception e) {
+            e.printStackTrace();
+            throw new AiravataSecurityException(e.getMessage(), e);
+        }
+    }
+
+    private String[] getUserRolesFromOAuthToken(String username, String token, String gatewayId)
throws Exception {
+        String openIdConnectUrl = ServerSettings.getRemoteOpenIdDiscoveryUrl();
+        JSONObject openIdConnectConfig = new JSONObject(getFromUrl(openIdConnectUrl, token));
+        String userInfoEndPoint = openIdConnectConfig.getString("userinfo_endpoint");
+        JSONObject userInfo = new JSONObject(getFromUrl(userInfoEndPoint, token));
+        if (!username.equals(userInfo.get("preferred_username"))) {
+            throw new AiravataSecurityException("Subject name and username for the token
doesn't match");
+        }
+        String userId = userInfo.getString("sub");
+
+        GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
+        String identityServerRelam = gwrp.getIdentityServerTenant();
+        String userRoleMappingUrl = ServerSettings.getRemoteIDPServiceUrl() + "/admin/realms/"
+                + identityServerRelam + "/users/"
+                + userId + "/role-mappings/realm";
+        JSONArray roleMappings = new JSONArray(getFromUrl(userRoleMappingUrl, getAdminAccessToken(gatewayId)));
+        String[] roles = new String[roleMappings.length()];
+        for (int i = 0; i < roleMappings.length(); i++) {
+            roles[i] = (new JSONObject(roleMappings.get(i).toString())).get("name").toString();
+        }
+
+        return roles;
+    }
+
+    public String getFromUrl(String urlToRead, String token) throws Exception {
+        StringBuilder result = new StringBuilder();
+        URL url = new URL(urlToRead);
+        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+        conn.setRequestMethod("GET");
+        String bearerAuth = "Bearer " + token;
+        conn.setRequestProperty("Authorization", bearerAuth);
+        BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
+        String line;
+        while ((line = rd.readLine()) != null) {
+            result.append(line);
+        }
+        rd.close();
+        return result.toString();
+    }
+
+    private String getAdminAccessToken(String gatewayId) throws TException, ApplicationSettingsException,
IOException {
+        CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
+        GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
+        PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(),
gwrp.getGatewayID());
+        String username = credential.getLoginUserName();
+        String password = credential.getPassword();
+        String urlString = ServerSettings.getRemoteIDPServiceUrl() + "/realms/master/protocol/openid-connect/token";
+        StringBuilder result = new StringBuilder();
+        URL url = new URL(urlString);
+        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+        conn.setRequestMethod("POST");
+        conn.setDoOutput(true);
+        String postFields = "client_id=admin-cli&username=" + username + "&password="
+ password + "&grant_type=password";
+        conn.getOutputStream().write(postFields.getBytes());
+        BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
+        String line;
+        while ((line = rd.readLine()) != null) {
+            result.append(line);
+        }
+        rd.close();
+        JSONObject tokenInfo = new JSONObject(result.toString());
+        return tokenInfo.get("access_token").toString();
+    }
+
+
+    private boolean hasPermission(String[] roles, String apiMethod) {
+        for (int i = 0; i < roles.length; i++) {
+            String role = roles[i];
+            if (this.rolePermissionConfig.keySet().contains(role)) {
+                Pattern pattern = Pattern.compile(this.rolePermissionConfig.get(role));
+                Matcher matcher = pattern.matcher(apiMethod);
+                if (matcher.matches())
+                    return true;
+            }
+        }
+        return false;
+    }
+
+    private RegistryService.Client getRegistryServiceClient() throws TException, ApplicationSettingsException
{
+        final int serverPort = Integer.parseInt(ServerSettings.getRegistryServerPort());
+        final String serverHost = ServerSettings.getRegistryServerHost();
+        try {
+            return RegistryServiceClientFactory.createRegistryClient(serverHost, serverPort);
+        } catch (RegistryServiceException e) {
+            throw new TException("Unable to create registry client...", e);
+        }
+    }
+
+    private CredentialStoreService.Client getCredentialStoreServiceClient() throws TException,
ApplicationSettingsException {
+        final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort());
+        final String serverHost = ServerSettings.getCredentialStoreServerHost();
+        try {
+            return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort);
+        } catch (CredentialStoreException e) {
+            throw new TException("Unable to create credential store client...", e);
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        KeyCloakSecurityManager keyCloakSecurityManager = new KeyCloakSecurityManager();
+        keyCloakSecurityManager.getUserRolesFromOAuthToken("supun.nakandala@gmail.com", "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJKd1pob2pURlJHaVVCaGh3aFBWUFBVeHpUNmFmTmllZ0lnejZqbHhmR1BRIn0.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
 IlN1cHVuIiwiZmFtaWx5X25hbWUiOiJOYWthbmRhbGEiLCJlbWFpbCI6InN1cHVuLm5ha2FuZGFsYUBnbWFpbC5jb20ifQ.I93re0YweCBhAAgOVFGbBPEsF7nRjeXQHut8NOdpXiVbeDe1BrcoS5Y86DOPZBWUQBg9GfUF7ZGt4xSatu3aHOOkiANRAAWucwZxuYD8-IXnnrF2ao8lUD94mpORszz_G4ZFcCP6cV6qG9SptdqhvHCYIdH8LvfMCBgjGTe7Um-7RHRrTavaN9b52Wsz-1CQeAcEQkwsGOoyVWUQ_3Cyo2aXpua34DLVJrkSsrSZxIQm5ojq8H3YJzKsssAhMuaIrh5oaDKRr7NjZvzV7aheMt-NwEgKc85Rqk-765tsICBbAjmw7r-cGxlvE32g7HI0-cNjuCVdNOEawoOeD3jH-Q",
"airavata");
+    }
+}
\ No newline at end of file
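Review bot: `main` at the end of the hunk commits a real-looking bearer access token together with the author's account name as arguments to `getUserRolesFromOAuthToken`; even if the token has since expired, a credential in git history should be treated as leaked, so remove the `main` method (or read the token from an argument or environment variable) and revoke the token on the IdP. The three `logger.debug` calls in `isUserAuthorized` also write `accessToken` into the log; log only the subject and action, e.g. `logger.debug("Authz decision for: ({}, {}) is retrieved from cache.", subject, action);`. In `getAdminAccessToken` the admin username and password are concatenated into the form body without encoding, so a password containing `&`, `=` or `+` is mis-parsed or rejected — wrap both fields in `URLEncoder.encode(value, "UTF-8")` and pass `StandardCharsets.UTF_8` to `getBytes`; neither this method nor `getFromUrl` checks `getResponseCode()` or closes the reader/connection in a `finally`/try-with-resources either. Finally, the `admin-read-only` permission regex includes mutating calls such as `/airavata/deleteResourceJobManager`, `/airavata/deleteProject`, `/airavata/createExperiment` and `/airavata/launchExperiment`, which looks inconsistent with the role name and is worth confirming against the intended policy.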

http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
----------------------------------------------------------------------
diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
index b5fbd4b..59b2d96 100644
--- a/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
+++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/Constants.java
@@ -35,6 +35,8 @@ public final class Constants {
     public static final String IS_API_SECURED = "api.secured";
     public static final String SECURITY_MANAGER_CLASS = "security.manager.class";
     public static final String REMOTE_OAUTH_SERVER_URL = "remote.oauth.authorization.server";
+    public static final String REMOTE_OPENID_DISCOVERY_URL = "remote.openid.connect.discovery.url";
+    public static final String REMOTE_IDP_SERVICE_URL = "remote.idp.service.url";
     public static final String IS_TLS_ENABLED = "TLS.enabled";
     public static final String TLS_SERVER_PORT = "TLS.api.server.port";
     public static final String KEYSTORE_PATH = "keystore.path";

http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
----------------------------------------------------------------------
diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
index 49fdc54..559d44d 100644
--- a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
+++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
@@ -329,6 +329,15 @@ public class ServerSettings extends ApplicationSettings {
         return getSetting(Constants.REMOTE_OAUTH_SERVER_URL);
     }
 
+    public static String getRemoteOpenIdDiscoveryUrl() throws ApplicationSettingsException
{
+        return getSetting(Constants.REMOTE_OPENID_DISCOVERY_URL);
+    }
+
+    public static String getRemoteIDPServiceUrl() throws ApplicationSettingsException {
+        return getSetting(Constants.REMOTE_IDP_SERVICE_URL);
+    }
+
+
     public static String getAuthorizationPoliyName() throws ApplicationSettingsException
{
         return getSetting(Constants.AUTHORIZATION_POLICY_NAME);
     }

http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/modules/configuration/server/src/main/resources/airavata-server.properties
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties
index fd1449f..5450fc4 100644
--- a/modules/configuration/server/src/main/resources/airavata-server.properties
+++ b/modules/configuration/server/src/main/resources/airavata-server.properties
@@ -325,6 +325,11 @@ authz.cache.enabled=true
 authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager
 in.memory.cache.size=1000
 
+#### remote idp service url for KeyCloak based setup####
+remote.idp.service.url=https://iam.scigap.org/auth
+#### remote openid connect discovery url for KeyCloak based setup ####
+remote.openid.connect.discovery.url=https://iam.scigap.org/auth/realms/airavata/.well-known/openid-configuration
+
 # Kafka Logging related configuration
 isRunningOnAws=false
 kafka.broker.list=localhost:9092
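Review bot: `remote.openid.connect.discovery.url` pins the realm to `airavata` inside the URL, while `KeyCloakSecurityManager.getUserRolesFromOAuthToken` in this commit takes the realm per gateway from `GatewayResourceProfile.getIdentityServerTenant()`; a token is therefore validated against the `airavata` realm's userinfo endpoint but its `sub` is looked up under the gateway's realm, which presumably only works when the two agree. Consider deriving the discovery URL from `remote.idp.service.url` plus the gateway's realm, or at least documenting the constraint next to the property, e.g. `# the realm in this URL must match identityServerTenant of every gateway resource profile`. The default value also points at a live host (`iam.scigap.org`); a sample config shipped in the source tree would be safer with a placeholder so a misconfigured deployment does not silently authenticate against that IdP.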

http://git-wip-us.apache.org/repos/asf/airavata/blob/4ec28232/modules/configuration/server/src/main/resources/client_truststore.jks
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/client_truststore.jks b/modules/configuration/server/src/main/resources/client_truststore.jks
index 21e4e62..f9805a3 100644
Binary files a/modules/configuration/server/src/main/resources/client_truststore.jks and b/modules/configuration/server/src/main/resources/client_truststore.jks
differ

