Difference between revisions of "User Management Service"

From Gcube Wiki
Revision as of 12:34, 12 March 2013

Overview

SOA3 User Management Service is described, at a high level, in SOA3 User Management Module. The block diagram of the architecture,

[Figure: SOA3 User Management Module]

shows two databases and two interfaces. The actual implementation consists of two independent modules:

  • the old D4Science User Management Module, exposing SOAP interfaces and based on Liferay Database
  • the new SOA3 User Management Module, exposing REST interfaces and based on LDAP

The two modules are kept synchronized by a dedicated job. This section gives a detailed description of the REST based SOA3 User Management Module; for the other module see the D4Science documentation.

Functionalities

The Service endpoint is:

 http(s)://hostname:port/userService

and exposes CRUD operations on Users, Groups and Roles stored in an LDAP Directory; the LDAP implementation used is OpenDS. The tree is organized in the following way:

[Figure: SOA3 LDAP Organization]
A Default Organization is defined: every user can belong to a single organization. Groups and roles are more flexible.

An exhaustive list of the REST CRUD operations on Organizations, Users, Groups and Roles is provided in UserManagement REST API.

SOA3 User Management Service is also used by SOA3 Connector for DN based authentication: in particular, it makes use of the optional Certificate field, which contains an X.509 Distinguished Name bound to the user. The service exposes the method:

GET  usermanager/certificate/{certificateDN}/{organizationName}

where certificateDN is mandatory and organizationName is optional. SOA3 Connector calls this method when a container has authenticated a request only at the transport level and asks whether the DN is associated with a user. More details are provided in SOA3 Connector.
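The DN lookup described above, as an added example that is not code from the SOA3 project: a client helper that builds the request path (the DN must be percent-encoded as one path segment, since it contains commas, equals signs and possibly slashes) and a constructed server-side match that normalizes both DNs before comparing them, so that differences in letter case or spacing neither reject a legitimate user nor let a different DN match. The user entries and the case-insensitive matching of all DN attributes are assumptions.

```python
"""Constructed example of a DN-to-user lookup for DN based authentication."""
from urllib.parse import quote

# Constructed sample directory entries (not real SOA3 data): the
# "certificate" field holds the X.509 Distinguished Name bound to the user.
USERS = [
    {"uid": "alice", "organization": "default",
     "certificate": "CN=Alice Example, OU=Staff, O=Example Org, C=IT"},
    {"uid": "bob", "organization": "default",
     "certificate": "cn=bob\\, robert,ou=Staff,o=Example Org,c=IT"},
]


def split_rdns(dn):
    """Split an RFC 4514 string DN on unescaped commas, keeping backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # escaped character, e.g. "\," inside a value
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts


def normalize_dn(dn):
    """Canonical form: whitespace around '=' and ',' trimmed, everything lower-cased.
    Assumption: all attributes use LDAP caseIgnore matching, as cn/ou/o/c/uid do."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.strip().partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def certificate_path(certificate_dn, organization_name=None):
    """Client side: build 'usermanager/certificate/{certificateDN}/{organizationName}'
    with the DN encoded as a single path segment (safe="" also encodes '/')."""
    path = "usermanager/certificate/" + quote(certificate_dn, safe="")
    if organization_name:
        path += "/" + quote(organization_name, safe="")
    return path


def lookup_user_by_dn(certificate_dn, organization_name=None):
    """Server side: return the uid bound to the DN (optionally within one
    organization), or None when no user is associated with it."""
    wanted = normalize_dn(certificate_dn)
    for user in USERS:
        if organization_name and user["organization"] != organization_name:
            continue
        if normalize_dn(user["certificate"]) == wanted:
            return user["uid"]
    return None
```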