airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From DImuthu Upeksha <dimuthu.upeks...@gmail.com>
Subject Re: Airavata User management
Date Tue, 14 Apr 2015 10:22:44 GMT
Hi Hasini,

Thank you for the quick response. Because I'm working on porting GridChem
client to use Airavata APIs, user authentication is also a part for me to
figure out. I went through you proposal for ticket [1] and believe that I
can refer to you design because authentication part at Airavata API may
depend on your solution. If I understood your proposal correctly, from
Airavata API side you introduce another parameter for each existing method
to accept OAuth Access Token and forward it to Security Manager. Am I
correct?

[1] https://issues.apache.org/jira/browse/AIRAVATA-1624

Thanks
Dimuthu

On Tue, Apr 14, 2015 at 4:53 AM, Hasini Gunasinghe <hasi7786@gmail.com>
wrote:

> Hi Dimuthu,
>
> Please find the answers inline.
>
> On Mon, Apr 13, 2015 at 6:37 PM, DImuthu Upeksha <
> dimuthu.upeksha2@gmail.com> wrote:
>
>> Hi all,
>>
>> I have few points to get clarified about user management in Airavata
>> server
>>
>> 1. When I start the server there is an error log
>>
>> [ERROR] The Credential Store Server did not start!!!
>>
>> Where is this credential store? How should I configure it?
>>
> This has been answered in a previous thread. I am copying below the answer
> given by Chathuri in the thread "Resolving the issues in the Airavata
> server statup"
>
> *"Credential store thrift service is not starting by default. If you want
> to start credential store service, you need to configure it in
> airavata-server.properties. You will see below set of properties under
> "Credential Store module Configuration" in airavata-server.properties*
>
> *start.credential.store=false*
> *credential.store.keystore.url=**/Users/chathuri/dev/airavata/*
> *credential-store/oa4mp/**airavata_sym.jks*
> *credential.store.keystore.**alias=airavata*
> *credential.store.keystore.**password=airavata*
> *credential.store.jdbc.url=**jdbc:derby://localhost:1527/*
> *experiment_catalog;create=**true;user=airavata;password=**airavata*
> *credential.store.jdbc.user=**airavata*
> *credential.store.jdbc.**password=airavata*
> *credential.store.jdbc.driver=**org.apache.derby.jdbc.**ClientDriver*
> *credential.store.server.host=**localhost*
> *credential.store.server.port=**8960*
> *credentialstore=org.apache.**airavata.credential.store.*
> *server.CredentialStoreServer*
> *credential.store.thrift.**server.keystore=/Users/*
> *chathuri/dev/airavata/**credential-store/oa4mp/**airavata.jks*
> *credential.store.thrift.**server.keystore.password=**airavata*
>
> *You need to make start.credential.store as true. You need to generate
> symmetric key and specify that path for credential.store.keystore.url.
> Credential store thrift service is a secured TLS service.  You need to
> generate a keystore file and specify the path and password in the
> properties credential.store.thrift.**server.keystore,
> credential.store.thrift.*
>
> *server.keystore.password. If you specify all these properties, credential
> store will be start as a secured thrift service."*
>
>> What is the usage of this credential store?
>>
> AFAIU, Credential store is used to store the credentials/tokens that are
> used by Airavata to authenticate to different grid servers. This paper is
> on Airavata Credential Store:
>
> https://scholarworks.iu.edu/dspace/bitstream/handle/2022/17379/ccgrid_2014_credential_store.pdf?sequence=1
>
>
>> 2. When I go through Airavata.Client API and client samples I could not
>> see that there is a authentication mechanism for users who access it
>> (Please correct me if there is a way). If so what is the use of a
>> Credentials Store?
>>
>
> As mentioned before, credential store stores the tokens for Airavata to
> authenticate to grid servers, not the end-user credentials.
>
>>
>> 3. How does the user authorisation is done in Airavata?
>>
>
> Currently, end users are not authenticated/authorized at the Airavata API.
> This https://issues.apache.org/jira/browse/AIRAVATA-1624 proposes a
> solution for that.
>
> Thanks,
> Hasini.
>
>>
>> Thanks
>> Dimuthu
>>
>> --
>> Regards
>>
>> W.Dimuthu Upeksha
>> Undergraduate
>> Department of Computer Science And Engineering
>>
>> University of Moratuwa, Sri Lanka
>>
>
>


-- 
Regards

W.Dimuthu Upeksha
Undergraduate
Department of Computer Science And Engineering

University of Moratuwa, Sri Lanka

Mime
View raw message