airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Reagan, David Michael" <>
Subject RE: [GSoC] Status Update
Date Fri, 20 Jun 2014 18:41:21 GMT
Thanks for the clarification, Supun. Let me see if I understand things correctly:

-          The gateway will authenticate with the userAPI using credentials stored in a config
file (via adminLogin)

-          Once authenticated, the userAPI will replace the PHP-Reference-Gateway’s id_utilities
interface for authenticating/adding/etc users

So the gateway itself is an admin, but how can an individual user become an admin?

When an admin user logs in to the gateway, how will the gateway know the user is an admin?
Perhaps like this:

-          The user authenticates in the normal login page, and both authenticateUser and
adminLogin functions are called.

o   If authenticateUser returns true, the user is logged in (setting the username and logged_in
session variables)

o   If adminLogin returns the token, the user is logged in with admin priviledges (probably
by storing the token in a session variable). If no token is returned, the session variable
remains null and the user is treated as a standard user.

Does that sound correct?


From: Supun Nakandala []
Sent: Friday, June 20, 2014 1:20 PM
Subject: Re: [GSoC] Status Update

Hi Dave,

I was planning to have a separate tenant for each gateway. For example PHP-Reference-Gateway
has a separate tenant in the WSO2 IS. Each of these have a tenant admin (can have more than
one). And gateways has to use the tenant admin credentials to use the UserAPI.

The adminLogin and adminLogout functions are for the gateways to authenticate with the UserAPI
using the given tenant admin credentials.

After authenticating using the tenant admin credentials gateways can use the API to do the
given operations. Standard users cannot log in to the UserAPI (only the tenant admin can login).
But the gateways can authenticate uses via the API given the user's username and password.

If we need to distinguish different users separately  we can create user groups and add users
to groups. But still I don't have added this functionality to the UserAPI.

On Fri, Jun 20, 2014 at 8:17 PM, Reagan, David Michael <<>>
Hi, Supun. Are the adminLogin and adminLogout functions just for admin users? Can you explain
a bit about how the ID server differentiates standard vs admin users, and how you think the
gateway should be able to tell which kind a user a person is?


From: Amila Jayasekara [<>]
Sent: Friday, June 20, 2014 9:31 AM
To: dev
Subject: Re: [GSoC] Status Update

Nice !


On Fri, Jun 20, 2014 at 7:16 AM, Supun Nakandala <<>>
Hi All,

I have added some php client sample code to the repository [1].

Thank you

[1] -

On Wed, Jun 18, 2014 at 10:05 PM, Supun Nakandala <<>>
Hi All,

During the last week I drafted a basic user api description for Airavata user management.
You can find the thrift descriptor files at [1]. I have also implemented the server side code
and hosted in the same github repository. I did not tried to come up with a complete list
of user management requirements but rather implemented the most frequently required ones.
As the requirements change I plan to modify the api iteratively. I appreciate if you can provide
feedback on the drafted user management api.

My next target is to implement a php client for this api and integrate it with the PHP-Reference-Gateway

Thank you

[1] -

Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa

Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa
View raw message