[
https://issues.apache.org/jira/browse/AIRAVATA-2889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marcus Christie updated AIRAVATA-2889:
--------------------------------------
Description:
PGA uses the realm admin's username and password, but it would be better if we
could just use the existing client_id and client_secret to get an access token
for authenticating with the IAM Admin Services API.
h5. TODO
* [x] Add *manage-users* role from the *realm-management* client to the
automatically generated PGA client in the tenant creation code
* -In KeyCloakSecurityManager, use ProfileService to get oauth client
id/secret from TenantProfileService instead of from Gateway in workspace
catalog (where it may or may not be populated)-
** turns out I don't need this. oauth client id and secret are replicated with
the Gateway in the workspace catalog. There was a bug preventing this from
working but that has been fixed (AIRAVATA-2924).
was:
PGA uses the realm admin's username and password, but it would be better if we
could just use the existing client_id and client_secret to get an access token
for authenticating with the IAM Admin Services API.
h5. TODO
* [x] Add *manage-users* role from the *realm-management* client to the
automatically generated PGA client in the tenant creation code
* [ ] In KeyCloakSecurityManager, use ProfileService to get oauth client
id/secret from TenantProfileService instead of from Gateway in workspace
catalog (where it may or may not be populated)
> Use service account to authenticate Django portal to IamAdminService
> --------------------------------------------------------------------
>
> Key: AIRAVATA-2889
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2889
> Project: Airavata
> Issue Type: Improvement
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Major
>
> PGA uses the realm admin's username and password, but it would be better if
> we could just use the existing client_id and client_secret to get an access
> token for authenticating with the IAM Admin Services API.
> h5. TODO
> * [x] Add *manage-users* role from the *realm-management* client to the
> automatically generated PGA client in the tenant creation code
> * -In KeyCloakSecurityManager, use ProfileService to get oauth client
> id/secret from TenantProfileService instead of from Gateway in workspace
> catalog (where it may or may not be populated)-
> ** turns out I don't need this. oauth client id and secret are replicated
> with the Gateway in the workspace catalog. There was a bug preventing this
> from working but that has been fixed (AIRAVATA-2924).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
