User Management Service

From Gcube Wiki

Overview

The SOA3 User Management Service is described at a high level in the SOA3 User Management Module page. The block diagram of the architecture (figure: SOA3 User Management Module) contains two databases and two interfaces. The actual implementation consists of two independent modules:

  • the old D4Science User Management Module, exposing SOAP interfaces and backed by the Liferay database
  • the new SOA3 User Management Module, exposing REST interfaces and backed by LDAP

The two modules are kept in sync by a background job. This page describes the REST-based SOA3 User Management Module in detail.

Functionalities

The Service endpoint is:

 http(s)://hostname:port/userService

and exposes CRUD operations on Users, Groups and Roles stored in an LDAP directory. The LDAP implementation used is OpenDS, and the directory tree is organized as shown in the figure SOA3 LDAP Organization.

A Default Organization is defined, and every user belongs to exactly one organization. Inside that organization, a user can be associated with one or more groups and one or more roles, with no further restrictions.

An exhaustive list of the REST CRUD operations on Organizations, Users, Groups and Roles is provided in the UserManagement REST API page.

The SOA3 User Management Service is also used by the SOA3 Connector for DN-based authentication. In particular, it makes use of the optional Certificate field of a user, which holds the X.509 Distinguished Name bound to that user.

The service exposes the method:

GET  usermanager/certificate/{certificateDN}/{organizationName}

where certificateDN is mandatory and organizationName is optional. Because a Distinguished Name contains characters that are reserved in a URL path (commas, equals signs and, in the OpenSSL slash notation, slashes), it has to be percent-encoded as a single path segment, otherwise the path is split at the wrong places. The SOA3 Connector invokes this method when a container has authenticated a request only at transport level (by the client's X.509 certificate) and needs to know whether that DN is bound to a user; the method answers only that question and does not itself validate the certificate, which remains the container's job. More details are provided in the SOA3 Connector page.
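The two DN-related steps above, building the certificate lookup request and matching a DN against the Certificate field of the user entries, depend on treating the DN as a structured value rather than a plain string: the same identity arrives as "CN=Alice,OU=People,O=Example,C=IT" from one container and as "/C=IT/O=Example/OU=People/CN=Alice" from another, and attribute types and values compare case-insensitively in LDAP. The following is an added example written for this page, not SOA3 or gCube code: it canonicalises both notations, percent-encodes the DN into the single path segment that GET usermanager/certificate/{certificateDN}/{organizationName} expects, and performs the lookup over a constructed in-memory stand-in for the LDAP user entries. Sending the canonical RFC 4514 form to the service, joining the path to http(s)://hostname:port/userService, and the sample user records are all assumptions of the example; multi-valued RDNs and hex-escaped values are not handled.

```python
"""DN handling for the certificate lookup (added example, not SOA3 code):
canonicalise an X.509 Distinguished Name, build the percent-encoded request
path, and match the DN against the Certificate field of user records."""
from urllib.parse import quote

# Characters that RFC 4514 requires to be backslash-escaped inside a value.
_SPECIAL = ',+"\\<>;'


def _split_unescaped(text, sep):
    """Split text on sep, ignoring separators preceded by a backslash."""
    parts, buf, escaped = [], [], False
    for ch in text:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def _unescape(value):
    """Drop RFC 4514 backslash escapes; hex escapes (\\2C) are not handled."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _escape(value):
    """Re-apply RFC 4514 escaping so the canonical string is unambiguous."""
    out = "".join("\\" + ch if ch in _SPECIAL else ch for ch in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def parse_dn(dn):
    """Parse a DN into (ATTRIBUTE, value) pairs, leaf RDN first.
    Accepts RFC 4514 "CN=Alice,OU=People,O=Example,C=IT" and OpenSSL slash
    form "/C=IT/O=Example/OU=People/CN=Alice"; multi-valued RDNs unsupported."""
    dn = dn.strip()
    slash_form = dn.startswith("/")
    rdns = _split_unescaped(dn[1:], "/") if slash_form else _split_unescaped(dn, ",")
    if slash_form:
        rdns.reverse()  # slash form is root-first, RFC 4514 is leaf-first
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        attr, value = attr.strip().upper(), value.strip()
        if not sep or not attr or not value:
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((attr, value if slash_form else _unescape(value)))
    return pairs


def canonical_dn(dn):
    """One canonical RFC 4514 string for a DN given in either notation."""
    return ",".join(attr + "=" + _escape(value) for attr, value in parse_dn(dn))


def _norm_value(value):
    # caseIgnoreMatch semantics: case-insensitive, internal whitespace collapsed
    return " ".join(value.split()).casefold()


def dns_match(a, b):
    """Compare two parsed DNs the way LDAP does, not by raw string equality."""
    return len(a) == len(b) and all(
        x[0] == y[0] and _norm_value(x[1]) == _norm_value(y[1]) for x, y in zip(a, b))


def certificate_path(dn, organization=None):
    """Path for GET usermanager/certificate/{certificateDN}/{organizationName}.
    The DN travels as ONE segment, so quote(..., safe="") encodes '/', ',' and
    '=' too; sending the canonical form is this example's assumption, and the
    caller joins the result to the service base URL."""
    path = "usermanager/certificate/" + quote(canonical_dn(dn), safe="")
    if organization:
        path += "/" + quote(organization, safe="")
    return path


# Constructed stand-in for the user entries of the LDAP tree (not real data).
DIRECTORY = [
    {"uid": "alice", "organization": "Default",
     "certificate": "CN=Alice Rossi,OU=People,O=Example,C=IT"},
    {"uid": "bob", "organization": "Default", "certificate": None},
    {"uid": "carol", "organization": "Partner",
     "certificate": "CN=Carol,O=Partner\\, Ltd,C=UK"},
]


def lookup_user_by_dn(directory, dn, organization=None):
    """The question the service answers: which user has this DN in its
    Certificate field (optionally within one organization)?  None if nobody;
    an error if more than one, since an ambiguous binding must not authenticate."""
    wanted = parse_dn(dn)
    hits = [u for u in directory
            if u["certificate"] and dns_match(parse_dn(u["certificate"]), wanted)
            and (organization is None or u["organization"] == organization)]
    if len(hits) > 1:
        raise LookupError("DN is bound to more than one user")
    return hits[0] if hits else None
```

The ambiguity check in lookup_user_by_dn is the part worth carrying into any real deployment: the Certificate field is a free-form attribute, and if two entries end up bound to the same DN, the connector must refuse rather than pick the first match.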