Karan: SEAgrid rich client uses Keycloak authentication in general and should be same for file upload service. Currently it does not know anything about NextCloud.But you are working on it.
Is there some thing specific you want to know. Thanks, Sudhakar. On May 23, 2018, at 12:34 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi Supun, I have followed the steps that Sachin gave and was able to configure the nextcloud with the keycloak server locally. The nextcloud interface will re-direct to the keycloak server to authenticate with the username and password. Since, we have a file upload service code that will upload the file into the nextcloud without the keycloak authentication, I have few of the following questions that I need your help with respect to the seagrid-rich client, we need to integrate this in such a way that the fileupload service will get authenticated with the keycloak server and then proceed to be upload the file. 1>Does the seagrid-rich client is currently configured to be authenticated with the keycloak server? 2>I looked into the following code:- *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/GuiFileTask.java<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_SciGaP_seagrid-2Drich-2Dclient_blob_master_src_main_java_org_seagrid_desktop_connectors_storage_GuiFileTask.java&d=DwMFAw&c=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag&r=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww&m=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo&s=KGj8hrw2SFvtwdBNsJqIjkd2aYCrTiwsA-HvXnysD0s&e=> In this, the sftp session is getting authenticated with the oauth token. In the same way, is it possible to use the existing authentication mechanism to get the nextcloud authenticated? (by configuring the nextcloud login endpoint as the client in the existing keycloak server). 3> The token is being received from the Airvata Manager at *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/airavata/AiravataManager.java<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_SciGaP_seagrid-2Drich-2Dclient_blob_master_src_main_java_org_seagrid_desktop_connectors_airavata_AiravataManager.java&d=DwMFAw&c=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag&r=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww&m=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo&s=dN40a0wWPT8hZWhlX91yv_f_hhxhE05V5eoki9abe0I&e=> and I believe the token is set during the intial login. Do you have any more of the details that I can look into to integrate the existing authentication mechanism in seagrid-rich client to login to the nextcloud server? Regards Karan ________________________________ From: Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> Sent: Saturday, May 19, 2018 11:03 AM To: Kariyattin, Sachin; Supun Nakandala Cc: Marru, Suresh; dev@airavata.apache.org<mailto:dev@airavata.apache.org> Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata @Sachin, @Supun, Thanks for the information, I will look into the same. Regards Karan ________________________________ From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 19, 2018 12:07 AM To: dev Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, In my opinion, the ideal approach to use in this scenario would be OAuth based authorization. KeyCloak supports OAuth and you can register a service provider and use that to give a prompt to the user to authorize the desktop client to communicate with the NextCloud server. After the user authorizes the client, KeyCloak will issue an access token which can be used on behalf of the user. NextCloud server will have to use this token and get it validated from the KeyCloak server to ensure the token bearer is authorized to access the NextCloud server. For obtaining this access token there several grant flows in OAuth that you can use. Based on the type of the client and the level of security you can decide which grant flow to use. https://alexbilbie.com/guide-to-oauth-2-grants/<https://urldefense.proofpoint.com/v2/url?u=https-3A__alexbilbie.com_guide-2Dto-2Doauth-2D2-2Dgrants_&d=DwMFAw&c=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag&r=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww&m=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo&s=e_NmsPBgg4FrngIgu980oSglwDtTKayE_eC8YVKxMzs&e=> contains a good summary of OAuth grant flows. I think the implicit grant flow will be most appropriate in this scenario. [1] - https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21092/airavata-security-escience16.pdf?sequence=1<https://urldefense.proofpoint.com/v2/url?u=https-3A__scholarworks.iu.edu_dspace_bitstream_handle_2022_21092_airavata-2Dsecurity-2Descience16.pdf-3Fsequence-3D1&d=DwMFAw&c=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag&r=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww&m=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo&s=pj-TUqyW9-pfVBf5X1YpclX2cIMn9565JdRc9HDfzH8&e=> On Fri, May 18, 2018 at 8:55 PM, Sachin Kariyattin <sachin9...@gmail.com<mailto:sachin9...@gmail.com>> wrote: Hi Karan, The following wiki lists the basic steps to configure keycloak with NextCloud https://github.com/sachinkariyattin/NextCloud/wiki<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_sachinkariyattin_NextCloud_wiki&d=DwMFAw&c=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag&r=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww&m=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo&s=rZ41gEnW54XBxSj8i4M-UThKD1eHt15IDgXZktPbuLY&e=> This can get you started On Fri, May 18, 2018 at 7:57 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi All, I am working with the following Seagrid-rich client to replace the file upload mechanism with the next cloud instead of the SFTP. I have the different nextcloud API code set-up that uploads the file to the Nextcloud server that is set-up locally in Ubuntu. At present the password is hardcoded, so this should be authenticated with the help of keycloak as discussed with Suresh. I have discussed the things with Sachin and I have received some inputs to proceed with keycloak authentication and after that I can proceed to implement the same with the nextcloud API, after this is successful I need to integrate nextcloud API with the Seagrid-rich client. Further steps will also include to set-up Nextcloud in the existing file server and point the upload of the input files from the client to the same location where the existing files are saved (This needs to be further looked into with all the configurations). Any suggestions or inputs to proceed with the keycloak authentication mechanism to work instead of the password would be appreciated. Regards Karan -- Regards, Sachin Kariyattin