From: Rohit Yadav
To: "dev@cloudstack.apache.org"
Subject: Re: [SHOW] Authentication refactoring
Date: Tue, 12 Aug 2014 10:40:50 +0000

From the user end there is no change, not in UI or any change expected in clients except one:
Since login and logout are now implemented like your regular api, we don't allow users to call login and logout and other such AuthenticatorAPIs directly like via integration port.

Stephen, I'm not sure if we natively support RSA and other things; at present we only have our custom login auth mechanism, signature/key based auth and a simple SSO (pre-shared key) methods. This refactoring will open doors for saml, oauth and possibly others.

This is merged on master now, even though I did testing at my end, please let me know if something got broken. From the outside world nothing should break, i.e. refactoring.

Cheers.

On 12-Aug-2014, at 12:32 pm, Stephen Turner wrote:

> Are there any UI changes? Some auth mechanisms might need more than just username and password (RSA token, for example, or even just "give the 1st, 4th and 5th characters").
>
> --
> Stephen Turner
>
>
> -----Original Message-----
> From: Rohit Yadav [mailto:rohit.yadav@shapeblue.com]
> Sent: 12 August 2014 04:51
> To: dev
> Subject: [SHOW] Authentication refactoring
>
> Hi,
>
> The way we handle login and logout is hardcoded and since there is no APICommand/BaseCmd implementation the apidoc, apidiscovery and others don't discover these apis. For supporting SAML as an authentication mechanism, I've refactored the Auth mechanism as a pluggable service that loads with api-server artifact and both login and logout are now implemented as pseudo BaseCmd classes.
>
> I call them pseudo because their execute() is never called, the authentication guards in ApiServlet class make sure we call an authenticate method of such classes. Since they are tightly coupled with cloud-server's ApiServlet it only made sense to have the interface definition and implementation within the same package/artifact as well. This also solves the apidoc issue for login/logout and saml related auth apis.
>
> I'll merge them after some time and continue working on saml stuff. Will push the code in the branch "auth-refactor" in an hour for review/testing now. This does not break anything and should not cause any auth related issues for all existing clients.
>
> Any suggestions, feedback welcome! Refactoring was pretty straightforward but I'll make sure to write a wiki page on this before merging to master.
>
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +41 779015219 | rohit.yadav@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
>
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build
> CSForge - rapid IaaS deployment framework
> CloudStack Consulting
> CloudStack Infrastructure Support
> CloudStack Bootcamp Training Courses
>
> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Regards,
Rohit Yadav
Software Architect, ShapeBlue
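
A sketch of the dispatch this thread describes, added here as an illustration and not CloudStack's code: auth commands are registered as pluggable handlers, the servlet guard calls `authenticate()` instead of `execute()`, and the integration-port path refuses those commands. The class and method names (`AuthDispatchSketch`, `AuthCommand`, `handleIntegrationPortRequest`) and the credentials are hypothetical, constructed for the example.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Added illustration; every name here is hypothetical, not a CloudStack class.
public class AuthDispatchSketch {

    /** Contract each pluggable auth command (login, logout, later SAML) implements. */
    interface AuthCommand {
        String authenticate(Map<String, String> params);
    }

    /** "Pseudo" command: discoverable like any API, but execute() must never run. */
    static class LoginCommand implements AuthCommand {
        public String authenticate(Map<String, String> params) {
            // Constructed credentials standing in for a real user store.
            boolean ok = "admin".equals(params.get("username"))
                    && "s3cret".equals(params.get("password"));
            return ok ? "session-created" : "auth-failed";
        }
        public void execute() {
            throw new IllegalStateException("auth commands are never executed directly");
        }
    }

    private final Map<String, AuthCommand> authCommands = new HashMap<>();
    // Locale.ROOT keeps command-name matching independent of the server's locale.
    private static String key(String c) { return c == null ? "" : c.toLowerCase(Locale.ROOT); }

    void register(String name, AuthCommand cmd) { authCommands.put(key(name), cmd); }

    /** Servlet path: the guard routes auth commands to authenticate(). */
    String handleServletRequest(String command, Map<String, String> params) {
        AuthCommand cmd = authCommands.get(key(command));
        return cmd != null ? cmd.authenticate(params) : "regular-api:" + command;
    }

    /** Integration-port path: auth commands are refused before any dispatch. */
    String handleIntegrationPortRequest(String command) {
        if (authCommands.containsKey(key(command))) return "rejected:" + command;
        return "regular-api:" + command;
    }

    public static void main(String[] args) {
        AuthDispatchSketch api = new AuthDispatchSketch();
        api.register("login", new LoginCommand());
        Map<String, String> creds = Map.of("username", "admin", "password", "s3cret");
        System.out.println(api.handleServletRequest("login", creds));
        System.out.println(api.handleIntegrationPortRequest("LOGIN"));
        System.out.println(api.handleIntegrationPortRequest("listVirtualMachines"));
    }
}
```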