cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rohit Yadav <rohit.ya...@shapeblue.com>
Subject Re: [SHOW] Authentication refactoring
Date Tue, 12 Aug 2014 10:40:50 GMT
>From the user end there is no change, not in UI or any change expected in clients except
one:
Since login and logout are now implemented like your regular api, we don’t allow uses to
call login and logout and other such AuthenticatorAPIs directly like via integration port

Stephen, I’m not sure if we natively support RSA and other things at present we only have
our custom login auth mechanism, signature/key based auth and a simple SSO (pre-shared key)
methods. This refactoring will open doors for saml, oauth and possibly others.

This is merged on master now, even though I did testing at my end please let me know if something
got broke? From the outside world nothing should break, i.e. refactoring.

Cheers.

On 12-Aug-2014, at 12:32 pm, Stephen Turner <Stephen.Turner@citrix.com> wrote:

> Are there any UI changes? Some auth mechanisms might need more than just username and
password (RSA token, for example, or even just "give the 1st, 4th and 5th characters").
>
> --
> Stephen Turner
>
>
> -----Original Message-----
> From: Rohit Yadav [mailto:rohit.yadav@shapeblue.com]
> Sent: 12 August 2014 04:51
> To: dev
> Subject: [SHOW] Authentication refactoring
>
> Hi,
>
> The way we handle login and logout is hardcoded and since there is no APICommand/BaseCmd
implementation the apidoc, apidiscovery and other don't discover these apis. For supporting
SAML as an authentication mechanism, I've refactored the Auth mechanism as a pluggable service
that loads with api-server artifact and both login and logout are now implemented as a pseduo
BaseCmd classes.
>
> I call them pseudo because their execute() is never called, the authentication guards
in ApiServlet class make sure we call an authenticate method of such classes. Since, they
are tightly coupled with cloud-server's ApiServlet it only made sense to have the interface
definition and implementation within the same package/artifact as well. This also solves the
apidoc issue for login/logout and saml related auth apis.
>
> I'll merge them after sometime and continue working on saml stuff. Will push the code
in the branch "auth-refactor" in an hour for review/testing now. This does not break anything
and should not cause any auth related issues for all existing clients.
>
> Any suggestions, feedback welcome! Refactoring was pretty straight forward but I'll make
sure to write a wiki page on this before merging to master.
>
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +41 779015219 | rohit.yadav@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>
>
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
> CSForge - rapid IaaS deployment framework<http://shapeblue.com/csforge/>
> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>
> This email and any attachments to it may be confidential and are intended solely for
the use of the individual to whom it is addressed. Any views or opinions expressed are solely
those of the author and do not necessarily represent those of Shape Blue Ltd or related companies.
If you are not the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender if you believe
you have received this email in error. Shape Blue Ltd is a company incorporated in England
& Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated
under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated
in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
registered by The Republic of South Africa and is traded under license from Shape Blue Ltd.
ShapeBlue is a registered trademark.

Regards,
Rohit Yadav
Software Architect, ShapeBlue
M. +41 779015219 | rohit.yadav@shapeblue.com
Blog: bhaisaab.org | Twitter: @_bhaisaab



Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd or related companies.
If you are not the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender if you believe
you have received this email in error. Shape Blue Ltd is a company incorporated in England
& Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated
under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated
in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
registered by The Republic of South Africa and is traded under license from Shape Blue Ltd.
ShapeBlue is a registered trademark.

Mime
View raw message