User Management Service
The SOA3 User Management Service is described, at high level, in the SOA3 User Management Module page. The block diagram of the architecture,
contains two databases and two interfaces. The actual implementation consists of two independent modules:
- the old D4Science User Management Module, exposing SOAP interfaces and based on Liferay Database
- the new SOA3 User Management Module, exposing REST interfaces and based on LDAP
The two modules are synchronized by a background job: in this section a detailed description of REST based SOA3 User Management Module will be provided.
The Service endpoint is:
and exposes CRUD operation on Users, Groups and Roles stored in an LDAP Directory: the LDAP implementation used is OpenDS and the three is organized in the following way:
A Default Organization is defined and every user can belong to a single organization. However, inside the organization, an user can be associated to one or more groups and one or more roles without limitations.
An exhaustive list of the REST CRUD operations on Organizations, Users, Groups and Roles is provided in the UserManagement REST API page.
The SOA3 User Management Service is also used by the SOA3 Connector for DN based authentication: in particular, it makes uses of the Certificate optional field, which contains an X509 Distinguished Name bound to the user.
The service exposes the method:
where certificateDN is mandatory and organizationName is optional. The SOA3 Connector invokes this method when a container has authenticated a request only at Transport Level and asks if the DN is associated to an user. More details are provided in the SOA3 Connector page.