Difference between revisions of "User Management Service"
Latest edit by Andrea.manzi (Talk | contribs), section Functionalities; 4 intermediate revisions by 2 users not shown.
Latest revision as of 12:34, 10 December 2013
Overview
The SOA3 User Management Service is described, at high level, in the SOA3 User Management Module page. The block diagram of the architecture (figure: SOA3 User Management Module, UserManagement.jpg) contains two databases and two interfaces. The actual implementation consists of two independent modules:
- the old D4Science User Management Module, exposing SOAP interfaces and based on Liferay Database
- the new SOA3 User Management Module, exposing REST interfaces and based on LDAP
The two modules are kept synchronized by a background job, so a change made through one interface reaches the other store only after the job has run. This section describes the REST based SOA3 User Management Module in detail.
Functionalities
The Service endpoint is:
http(s)://hostname:port/userService
and exposes CRUD operations on Users, Groups and Roles stored in an LDAP directory. The LDAP implementation used is OpenDS, and the directory tree is organized as shown in the SOA3 LDAP Organization figure (SOA3LDAP.png).
A Default Organization is defined and every user belongs to exactly one organization. Inside that organization, however, a user can be associated with any number of groups and any number of roles.
An exhaustive list of the REST CRUD operations on Organizations, Users, Groups and Roles is provided in the UserManagement REST API page.
The SOA3 User Management Service is also used by the SOA3 Connector for DN based authentication: in particular, it makes use of the optional Certificate field, which holds the X.509 Distinguished Name bound to the user.
The service exposes the method:
GET usermanager/certificate/{certificateDN}/{organizationName}
where certificateDN is mandatory and organizationName is optional. The SOA3 Connector invokes this method when a container has authenticated a request only at the transport level (i.e. by the client certificate presented in the TLS handshake) and needs to know whether that DN is bound to a user. More details are provided in the SOA3 Connector page.
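The following Python is an added example written for this page; it is not SOA3 code and talks to no real LDAP server or REST endpoint. It models the two directory rules stated above (one organization per user, any number of groups and roles) and the semantics of GET usermanager/certificate/{certificateDN}/{organizationName}, with two details a client author has to get right that the page does not spell out: the DN must be compared after RFC 4514 normalization (attribute types are case-insensitive and whitespace around separators is insignificant), and it must be percent-encoded as a single path segment, because a DN can itself contain '/'. The class and function names, the sample organization and users, and the choice to search every organization when organizationName is omitted are all assumptions of this example.

```python
"""Added example for the SOA3 User Management page (not project code).

In-memory stand-in for the OpenDS tree and for the DN lookup behind
GET usermanager/certificate/{certificateDN}/{organizationName}.
Assumption: with no organizationName, every organization is searched.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set
from urllib.parse import quote


def normalize_dn(dn: str) -> str:
    """Canonicalise an RFC 4514 string DN for comparison.

    'cn = Alice, o=X' and 'CN=Alice,O=X' name the same entry, so a
    byte-for-byte compare would wrongly miss the binding. Attribute types
    are lower-cased and whitespace around '=' and ',' is dropped; values
    keep their case (the conservative choice). Escaped commas ('\\,')
    inside a value are preserved; multi-valued RDNs ('+') are not split.
    """
    rdns: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escape pair verbatim
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    out: List[str] = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN in DN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        out.append(f"{attr.strip().lower()}={value.strip()}")
    return ",".join(out)


def certificate_request_path(certificate_dn: str, organization: Optional[str] = None) -> str:
    """Path the SOA3 Connector would request (hypothetical client helper).

    safe='' forces ',', '=', ' ' and any '/' in the DN to be encoded, so the
    DN segment cannot be confused with the optional organization segment.
    """
    if not certificate_dn:
        raise ValueError("certificateDN is mandatory")
    path = f"usermanager/certificate/{quote(certificate_dn, safe='')}"
    if organization:
        path += f"/{quote(organization, safe='')}"
    return path


@dataclass
class User:
    name: str
    organization: str                       # exactly one per user
    groups: Set[str] = field(default_factory=set)
    roles: Set[str] = field(default_factory=set)
    certificate_dn: Optional[str] = None    # the optional Certificate field, normalized


class Directory:
    """Minimal model of the SOA3 LDAP tree (assumed layout, not OpenDS)."""

    def __init__(self, default_organization: str = "DefaultOrganization"):
        self.default_organization = default_organization
        self.organizations: Set[str] = {default_organization}
        self.users: Dict[str, User] = {}

    def add_organization(self, name: str) -> None:
        self.organizations.add(name)

    def add_user(self, name: str, organization: Optional[str] = None, groups=(),
                 roles=(), certificate_dn: Optional[str] = None) -> User:
        org = organization or self.default_organization
        if org not in self.organizations:
            raise KeyError(f"unknown organization {org!r}")
        if name in self.users:
            # One organization per user: reject rather than move or duplicate.
            raise ValueError(f"user {name!r} already belongs to "
                             f"{self.users[name].organization!r}")
        dn = normalize_dn(certificate_dn) if certificate_dn else None
        user = User(name, org, set(groups), set(roles), dn)
        self.users[name] = user
        return user

    def lookup_by_certificate_dn(self, certificate_dn: str,
                                 organization: Optional[str] = None) -> Optional[User]:
        """Return the user bound to the DN, or None (the GET method's question)."""
        if not certificate_dn:
            raise ValueError("certificateDN is mandatory")
        wanted = normalize_dn(certificate_dn)
        for user in self.users.values():
            if organization is not None and user.organization != organization:
                continue
            if user.certificate_dn == wanted:
                return user
        return None


def build_sample_directory() -> Directory:
    """Constructed sample data for the example; not from any deployment."""
    d = Directory()
    d.add_organization("ExampleOrg")
    d.add_user("alice", "ExampleOrg", groups={"Developers", "VO-Admins"},
               roles={"Infrastructure-Manager", "Viewer"},
               certificate_dn="CN=Alice Example, OU=Personal Certificate, O=Example CA, C=IT")
    d.add_user("bob", groups={"Guests"}, roles={"Viewer"})   # default org, no certificate
    return d
```

The lookup only answers "is this DN bound to a user"; it does not and cannot verify that the caller actually holds the matching certificate, which is why the page has the container authenticate the request at the transport level before the connector asks this question.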