Hi Supun,
I have followed the steps that Sachin gave and was able to configure the
nextcloud with the keycloak server locally. The nextcloud interface will
re-direct to the keycloak server to authenticate with the username and password.
Since, we have a file upload service code that will upload the file into the
nextcloud without the keycloak authentication, I have few of the following
questions that I need your help with respect to the seagrid-rich client, we
need to integrate this in such a way that the fileupload service will get
authenticated with the keycloak server and then proceed to be upload the file.
1>Does the seagrid-rich client is currently configured to be authenticated with
the keycloak server?
2>I looked into the following code:-
*https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/GuiFileTask.java
In this, the sftp session is getting authenticated with the oauth token.
In the same way, is it possible to use the existing authentication mechanism to
get the nextcloud authenticated? (by configuring the nextcloud login endpoint
as the client in the existing keycloak server).
3> The token is being received from the Airvata Manager at
*https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/airavata/AiravataManager.java
and I believe the token is set during the intial login.
Do you have any more of the details that I can look into to integrate the
existing authentication mechanism in seagrid-rich client to login to the
nextcloud server?
Regards
Karan
________________________________
From: Kotabagi, Karan <kkota...@iu.edu>
Sent: Saturday, May 19, 2018 11:03 AM
To: Kariyattin, Sachin; Supun Nakandala
Cc: Marru, Suresh; dev@airavata.apache.org
Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
@Sachin, @Supun,
Thanks for the information, I will look into the same.
Regards
Karan
________________________________
From: Supun Nakandala <supun.nakand...@gmail.com>
Sent: Saturday, May 19, 2018 12:07 AM
To: dev
Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
Hi Karan,
In my opinion, the ideal approach to use in this scenario would be OAuth based
authorization. KeyCloak supports OAuth and you can register a service provider
and use that to give a prompt to the user to authorize the desktop client to
communicate with the NextCloud server.
After the user authorizes the client, KeyCloak will issue an access token which
can be used on behalf of the user. NextCloud server will have to use this token
and get it validated from the KeyCloak server to ensure the token bearer is
authorized to access the NextCloud server.
For obtaining this access token there several grant flows in OAuth that you can
use. Based on the type of the client and the level of security you can decide
which grant flow to use.
https://alexbilbie.com/guide-to-oauth-2-grants/ contains a good summary of
OAuth grant flows. I think the implicit grant flow will be most appropriate in
this scenario.
[1] -
https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21092/airavata-security-escience16.pdf?sequence=1
On Fri, May 18, 2018 at 8:55 PM, Sachin Kariyattin
<sachin9...@gmail.com<mailto:sachin9...@gmail.com>> wrote:
Hi Karan,
The following wiki lists the basic steps to configure keycloak with NextCloud
https://github.com/sachinkariyattin/NextCloud/wiki
This can get you started
On Fri, May 18, 2018 at 7:57 PM, Kotabagi, Karan
<kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote:
Hi All,
I am working with the following Seagrid-rich client to replace the file upload
mechanism with the next cloud instead of the SFTP.
I have the different nextcloud API code set-up that uploads the file to the
Nextcloud server that is set-up locally in Ubuntu. At present the password is
hardcoded, so this should be authenticated with the help of keycloak as
discussed with Suresh.
I have discussed the things with Sachin and I have received some inputs to
proceed with keycloak authentication and after that I can proceed to implement
the same with the nextcloud API, after this is successful I need to integrate
nextcloud API with the Seagrid-rich client.
Further steps will also include to set-up Nextcloud in the existing file server
and point the upload of the input files from the client to the same location
where the existing files are saved (This needs to be further looked into with
all the configurations).
Any suggestions or inputs to proceed with the keycloak authentication mechanism
to work instead of the password would be appreciated.
Regards
Karan
--
Regards,
Sachin Kariyattin
