Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
Yes that is a possibility. But that will require a significant integration between those components and NextCloud. I don't know how flexible NextCloud will be. Maybe Karan can shed some insight. On Wed, May 23, 2018 at 8:29 PM, Marru, Suresh <sma...@iu.edu> wrote: > Hi Supun, > > Yes there is and I agree we need a complex authorization mechanism. My > tentative thinking is to integrate with replica catalog and sharing service > so we enforce data sharing at API level. Any other ideas? > > Suresh > > > On May 23, 2018, at 10:26 PM, Supun Nakandala <supun.nakand...@gmail.com> > wrote: > > @Karan, @Suresh > > Is there a plan to enable data sharing at the raw file level using > NextCloud? If so we may need a more complex authorization mechanism. > > On Wed, May 23, 2018 at 3:07 PM, Kotabagi, Karan <kkota...@iu.edu> wrote: > >> @Supun, @Suresh and Sudhakar, >> >> >> Thanks!, for your inputs, I will have more questions moving ahead. >> >> >> Regards >> >> Karan >> -- >> *From:* Supun Nakandala <supun.nakand...@gmail.com> >> *Sent:* Wednesday, May 23, 2018 4:42 PM >> *To:* Kotabagi, Karan >> >> *Subject:* Re: Gsoc 2018 - Integration of the Nextcloud with Apache >> Airavata >> >> Hi Karan, >> >> On Wed, May 23, 2018 at 9:34 AM, Kotabagi, Karan <kkota...@iu.edu> wrote: >> >>> Hi Supun, >>> >>> >>> I have followed the steps that Sachin gave and was able to configure the >>> nextcloud with the keycloak server locally. The nextcloud interface will >>> re-direct to the keycloak server to authenticate with the username and >>> password. >>> >>> >>> Since, we have a file upload service code that will upload the file into >>> the nextcloud without the keycloak authentication, I have few of the >>> following questions that I need your help with respect to the seagrid-rich >>> client, we need to integrate this in such a way that the fileupload service >>> will get authenticated with the keycloak server and then proceed to be >>> upload the file. >>> >>> >>> 1>Does the seagrid-rich client is currently configured to be >>> authenticated with the keycloak server? >>> >>> Yes. In the login process seagrid client obtains an access token and it >>> uses this access token as the password for the SFTP server. The SFTP server >>> (Apache Mina implementation) verifies this access token from SFTP server >>> end. https://github.com/SciGaP/airavata-file-manager/blob/ >>> master/src/main/java/org/apache/airavata/filemgr/AuthenticationMgr.java. >>> You can do something similar in NextCloud. I hope NextCloud would support >>> some form of pluggable authentication model (PAM). >>> >>> 2>I looked into the following code:- >>> >>> *https://github.com/SciGaP/seagrid-rich-client/blob/mast >>> er/src/main/java/org/seagrid/desktop/connectors/storage/GuiFileTask.java >>> >>> In this, the sftp session is getting authenticated with the oauth >>> token. >>> >>> In the same way, is it possible to use the existing authentication >>> mechanism to get the nextcloud authenticated? (by configuring the nextcloud >>> login endpoint as the client in the existing keycloak server). >>> >>> The client should be the desktop client. Not the NextCloud server. >>> NextCloud server will be the resource which has to enforce authentication >>> and authorization using the access token. >>> >>> 3> The token is being received from the Airvata Manager at >>> >>> *https://github.com/SciGaP/seagrid-rich-client/blob/master/ >>> src/main/java/org/seagrid/desktop/connectors/airavata/Airava >>> taManager.java >>> >>> and I believe the token is set during the intial login. >>> >>> Yes you are correct. >>> >>> Do you have any more of the details that I can look into to integrate >>> the existing authentication mechanism in seagrid-rich client to login to >>> the nextcloud server? >>> >>> >>> Regards >>> >>> Karan >>> -- >>> *From:* Kotabagi, Karan <kkota...@iu.edu> >>> *Sent:* Saturday, May 19, 2018 11:03 AM >>> *To:* Kariyattin, Sachin; Supun Nakandala >>> *Cc:* Marru, Suresh; dev@airavata.apache.org >>> >>> *Subject:* Re: Gsoc 2018 - Integration of the Nextcloud w
Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
@Karan, @Suresh Is there a plan to enable data sharing at the raw file level using NextCloud? If so we may need a more complex authorization mechanism. On Wed, May 23, 2018 at 3:07 PM, Kotabagi, Karan <kkota...@iu.edu> wrote: > @Supun, @Suresh and Sudhakar, > > > Thanks!, for your inputs, I will have more questions moving ahead. > > > Regards > > Karan > -- > *From:* Supun Nakandala <supun.nakand...@gmail.com> > *Sent:* Wednesday, May 23, 2018 4:42 PM > *To:* Kotabagi, Karan > > *Subject:* Re: Gsoc 2018 - Integration of the Nextcloud with Apache > Airavata > > Hi Karan, > > On Wed, May 23, 2018 at 9:34 AM, Kotabagi, Karan <kkota...@iu.edu> wrote: > >> Hi Supun, >> >> >> I have followed the steps that Sachin gave and was able to configure the >> nextcloud with the keycloak server locally. The nextcloud interface will >> re-direct to the keycloak server to authenticate with the username and >> password. >> >> >> Since, we have a file upload service code that will upload the file into >> the nextcloud without the keycloak authentication, I have few of the >> following questions that I need your help with respect to the seagrid-rich >> client, we need to integrate this in such a way that the fileupload service >> will get authenticated with the keycloak server and then proceed to be >> upload the file. >> >> >> 1>Does the seagrid-rich client is currently configured to be >> authenticated with the keycloak server? >> >> Yes. In the login process seagrid client obtains an access token and it >> uses this access token as the password for the SFTP server. The SFTP server >> (Apache Mina implementation) verifies this access token from SFTP server >> end. https://github.com/SciGaP/airavata-file-manager/ >> blob/master/src/main/java/org/apache/airavata/filemgr/ >> AuthenticationMgr.java. You can do something similar in NextCloud. I >> hope NextCloud would support some form of pluggable authentication model >> (PAM). >> >> 2>I looked into the following code:- >> >> *https://github.com/SciGaP/seagrid-rich-client/blob/ >> master/src/main/java/org/seagrid/desktop/connectors/storage/ >> GuiFileTask.java >> >> In this, the sftp session is getting authenticated with the oauth >> token. >> >> In the same way, is it possible to use the existing authentication >> mechanism to get the nextcloud authenticated? (by configuring the nextcloud >> login endpoint as the client in the existing keycloak server). >> >> The client should be the desktop client. Not the NextCloud server. >> NextCloud server will be the resource which has to enforce authentication >> and authorization using the access token. >> >> 3> The token is being received from the Airvata Manager at >> >> *https://github.com/SciGaP/seagrid-rich-client/blob/master/ >> src/main/java/org/seagrid/desktop/connectors/airavata/ >> AiravataManager.java >> >> and I believe the token is set during the intial login. >> >> Yes you are correct. >> >> Do you have any more of the details that I can look into to integrate the >> existing authentication mechanism in seagrid-rich client to login to >> the nextcloud server? >> >> >> Regards >> >> Karan >> -- >> *From:* Kotabagi, Karan <kkota...@iu.edu> >> *Sent:* Saturday, May 19, 2018 11:03 AM >> *To:* Kariyattin, Sachin; Supun Nakandala >> *Cc:* Marru, Suresh; dev@airavata.apache.org >> >> *Subject:* Re: Gsoc 2018 - Integration of the Nextcloud with Apache >> Airavata >> >> >> @Sachin, @Supun, >> >> >> Thanks for the information, I will look into the same. >> >> >> Regards >> >> Karan >> -- >> *From:* Supun Nakandala <supun.nakand...@gmail.com> >> *Sent:* Saturday, May 19, 2018 12:07 AM >> *To:* dev >> *Subject:* Re: Gsoc 2018 - Integration of the Nextcloud with Apache >> Airavata >> >> Hi Karan, >> >> In my opinion, the ideal approach to use in this scenario would be OAuth >> based authorization. KeyCloak supports OAuth and you can register a service >> provider and use that to give a prompt to the user to authorize the desktop >> client to communicate with the NextCloud server. >> After the user authorizes the client, KeyCloak will issue an access token >> which can be used on behalf of the user. NextCloud server will have to use >> this to
Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
@Supun, @Suresh and Sudhakar, Thanks!, for your inputs, I will have more questions moving ahead. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com> Sent: Wednesday, May 23, 2018 4:42 PM To: Kotabagi, Karan Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, On Wed, May 23, 2018 at 9:34 AM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi Supun, I have followed the steps that Sachin gave and was able to configure the nextcloud with the keycloak server locally. The nextcloud interface will re-direct to the keycloak server to authenticate with the username and password. Since, we have a file upload service code that will upload the file into the nextcloud without the keycloak authentication, I have few of the following questions that I need your help with respect to the seagrid-rich client, we need to integrate this in such a way that the fileupload service will get authenticated with the keycloak server and then proceed to be upload the file. 1>Does the seagrid-rich client is currently configured to be authenticated with the keycloak server? Yes. In the login process seagrid client obtains an access token and it uses this access token as the password for the SFTP server. The SFTP server (Apache Mina implementation) verifies this access token from SFTP server end. https://github.com/SciGaP/airavata-file-manager/blob/master/src/main/java/org/apache/airavata/filemgr/AuthenticationMgr.java. You can do something similar in NextCloud. I hope NextCloud would support some form of pluggable authentication model (PAM). 2>I looked into the following code:- *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/GuiFileTask.java In this, the sftp session is getting authenticated with the oauth token. In the same way, is it possible to use the existing authentication mechanism to get the nextcloud authenticated? (by configuring the nextcloud login endpoint as the client in the existing keycloak server). The client should be the desktop client. Not the NextCloud server. NextCloud server will be the resource which has to enforce authentication and authorization using the access token. 3> The token is being received from the Airvata Manager at *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/airavata/AiravataManager.java and I believe the token is set during the intial login. Yes you are correct. Do you have any more of the details that I can look into to integrate the existing authentication mechanism in seagrid-rich client to login to the nextcloud server? Regards Karan From: Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> Sent: Saturday, May 19, 2018 11:03 AM To: Kariyattin, Sachin; Supun Nakandala Cc: Marru, Suresh; dev@airavata.apache.org<mailto:dev@airavata.apache.org> Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata @Sachin, @Supun, Thanks for the information, I will look into the same. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 19, 2018 12:07 AM To: dev Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, In my opinion, the ideal approach to use in this scenario would be OAuth based authorization. KeyCloak supports OAuth and you can register a service provider and use that to give a prompt to the user to authorize the desktop client to communicate with the NextCloud server. After the user authorizes the client, KeyCloak will issue an access token which can be used on behalf of the user. NextCloud server will have to use this token and get it validated from the KeyCloak server to ensure the token bearer is authorized to access the NextCloud server. For obtaining this access token there several grant flows in OAuth that you can use. Based on the type of the client and the level of security you can decide which grant flow to use. https://alexbilbie.com/guide-to-oauth-2-grants/ contains a good summary of OAuth grant flows. I think the implicit grant flow will be most appropriate in this scenario. [1] - https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21092/airavata-security-escience16.pdf?sequence=1 On Fri, May 18, 2018 at 8:55 PM, Sachin Kariyattin <sachin9...@gmail.com<mailto:sachin9...@gmail.com>> wrote: Hi Karan, The following wiki lists the basic steps to configure keycloak with NextCloud https://github.com/sachinkariyattin/NextCloud/wiki This can get you started On Fri, May 18, 2018 at 7:57 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi All, I am working with the following Seagrid-rich cli
Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
Hi Karan, The SEAGrid Rich Client to Airavata File Manager security handshake is over OAuth2 Protocol. Where as NextCloud KeyClock is through SAML2. So you have two options: 1) Explore a Native OAuth2 Authentication within NextCloud — this is the preferred option. 2) Write a SAML2 client code within Rich Client. For 1, you should look at the discussion at https://nextcloud.com/blog/security-in-nextcloud-12-new-authentication-mechanisms/ and https://help.nextcloud.com/t/nc12-build-in-oauth2-client-authentification/14852 I suggest you ask on NextCloud mailing list if anything has changed in supporting native OAuth2 Client authentication. Suresh On May 23, 2018, at 2:14 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hello Sudhakar, Yes, it doesn't know anything with respect to the nextcloud and I am trying to set-up the same. I wanted to use the existing authentication that is being carried out in the Seagrid-rich client to be utilized to login to the nextcloud server(which can be configured with keycloak), and understand the details with respect to the implementation of the existing authentication. Regards Karan From: Pamidighantam, Sudhakar <pamid...@iu.edu<mailto:pamid...@iu.edu>> Sent: Wednesday, May 23, 2018 2:02 PM To: Airavata Dev Cc: Supun Nakandala; Kariyattin, Sachin; Marru, Suresh Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Karan: SEAgrid rich client uses Keycloak authentication in general and should be same for file upload service. Currently it does not know anything about NextCloud.But you are working on it. Is there some thing specific you want to know. Thanks, Sudhakar. On May 23, 2018, at 12:34 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi Supun, I have followed the steps that Sachin gave and was able to configure the nextcloud with the keycloak server locally. The nextcloud interface will re-direct to the keycloak server to authenticate with the username and password. Since, we have a file upload service code that will upload the file into the nextcloud without the keycloak authentication, I have few of the following questions that I need your help with respect to the seagrid-rich client, we need to integrate this in such a way that the fileupload service will get authenticated with the keycloak server and then proceed to be upload the file. 1>Does the seagrid-rich client is currently configured to be authenticated with the keycloak server? 2>I looked into the following code:- *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/GuiFileTask.java<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_SciGaP_seagrid-2Drich-2Dclient_blob_master_src_main_java_org_seagrid_desktop_connectors_storage_GuiFileTask.java=DwMFAw=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo=KGj8hrw2SFvtwdBNsJqIjkd2aYCrTiwsA-HvXnysD0s=> In this, the sftp session is getting authenticated with the oauth token. In the same way, is it possible to use the existing authentication mechanism to get the nextcloud authenticated? (by configuring the nextcloud login endpoint as the client in the existing keycloak server). 3> The token is being received from the Airvata Manager at *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/airavata/AiravataManager.java<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_SciGaP_seagrid-2Drich-2Dclient_blob_master_src_main_java_org_seagrid_desktop_connectors_airavata_AiravataManager.java=DwMFAw=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo=dN40a0wWPT8hZWhlX91yv_f_hhxhE05V5eoki9abe0I=> and I believe the token is set during the intial login. Do you have any more of the details that I can look into to integrate the existing authentication mechanism in seagrid-rich client to login to the nextcloud server? Regards Karan From: Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> Sent: Saturday, May 19, 2018 11:03 AM To: Kariyattin, Sachin; Supun Nakandala Cc: Marru, Suresh; dev@airavata.apache.org<mailto:dev@airavata.apache.org> Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata @Sachin, @Supun, Thanks for the information, I will look into the same. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 19, 2018 12:07 AM To: dev Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, In my opinion, the ideal approach to use in this scenario woul
Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
Hello Sudhakar, Yes, it doesn't know anything with respect to the nextcloud and I am trying to set-up the same. I wanted to use the existing authentication that is being carried out in the Seagrid-rich client to be utilized to login to the nextcloud server(which can be configured with keycloak), and understand the details with respect to the implementation of the existing authentication. Regards Karan From: Pamidighantam, Sudhakar <pamid...@iu.edu> Sent: Wednesday, May 23, 2018 2:02 PM To: Airavata Dev Cc: Supun Nakandala; Kariyattin, Sachin; Marru, Suresh Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Karan: SEAgrid rich client uses Keycloak authentication in general and should be same for file upload service. Currently it does not know anything about NextCloud.But you are working on it. Is there some thing specific you want to know. Thanks, Sudhakar. On May 23, 2018, at 12:34 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi Supun, I have followed the steps that Sachin gave and was able to configure the nextcloud with the keycloak server locally. The nextcloud interface will re-direct to the keycloak server to authenticate with the username and password. Since, we have a file upload service code that will upload the file into the nextcloud without the keycloak authentication, I have few of the following questions that I need your help with respect to the seagrid-rich client, we need to integrate this in such a way that the fileupload service will get authenticated with the keycloak server and then proceed to be upload the file. 1>Does the seagrid-rich client is currently configured to be authenticated with the keycloak server? 2>I looked into the following code:- *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/GuiFileTask.java<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_SciGaP_seagrid-2Drich-2Dclient_blob_master_src_main_java_org_seagrid_desktop_connectors_storage_GuiFileTask.java=DwMFAw=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo=KGj8hrw2SFvtwdBNsJqIjkd2aYCrTiwsA-HvXnysD0s=> In this, the sftp session is getting authenticated with the oauth token. In the same way, is it possible to use the existing authentication mechanism to get the nextcloud authenticated? (by configuring the nextcloud login endpoint as the client in the existing keycloak server). 3> The token is being received from the Airvata Manager at *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/airavata/AiravataManager.java<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_SciGaP_seagrid-2Drich-2Dclient_blob_master_src_main_java_org_seagrid_desktop_connectors_airavata_AiravataManager.java=DwMFAw=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo=dN40a0wWPT8hZWhlX91yv_f_hhxhE05V5eoki9abe0I=> and I believe the token is set during the intial login. Do you have any more of the details that I can look into to integrate the existing authentication mechanism in seagrid-rich client to login to the nextcloud server? Regards Karan From: Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> Sent: Saturday, May 19, 2018 11:03 AM To: Kariyattin, Sachin; Supun Nakandala Cc: Marru, Suresh; dev@airavata.apache.org<mailto:dev@airavata.apache.org> Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata @Sachin, @Supun, Thanks for the information, I will look into the same. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 19, 2018 12:07 AM To: dev Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, In my opinion, the ideal approach to use in this scenario would be OAuth based authorization. KeyCloak supports OAuth and you can register a service provider and use that to give a prompt to the user to authorize the desktop client to communicate with the NextCloud server. After the user authorizes the client, KeyCloak will issue an access token which can be used on behalf of the user. NextCloud server will have to use this token and get it validated from the KeyCloak server to ensure the token bearer is authorized to access the NextCloud server. For obtaining this access token there several grant flows in OAuth that you can use. Based on the type of the client and the level of security you can decide which grant flow to use. https://alexbilbie.com/guide-to-oauth-2-grants/<https://urldefense.proofpoint.com/v2/url?u=https-3A__alexbilb
Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
Karan: SEAgrid rich client uses Keycloak authentication in general and should be same for file upload service. Currently it does not know anything about NextCloud.But you are working on it. Is there some thing specific you want to know. Thanks, Sudhakar. On May 23, 2018, at 12:34 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi Supun, I have followed the steps that Sachin gave and was able to configure the nextcloud with the keycloak server locally. The nextcloud interface will re-direct to the keycloak server to authenticate with the username and password. Since, we have a file upload service code that will upload the file into the nextcloud without the keycloak authentication, I have few of the following questions that I need your help with respect to the seagrid-rich client, we need to integrate this in such a way that the fileupload service will get authenticated with the keycloak server and then proceed to be upload the file. 1>Does the seagrid-rich client is currently configured to be authenticated with the keycloak server? 2>I looked into the following code:- *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/GuiFileTask.java<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_SciGaP_seagrid-2Drich-2Dclient_blob_master_src_main_java_org_seagrid_desktop_connectors_storage_GuiFileTask.java=DwMFAw=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo=KGj8hrw2SFvtwdBNsJqIjkd2aYCrTiwsA-HvXnysD0s=> In this, the sftp session is getting authenticated with the oauth token. In the same way, is it possible to use the existing authentication mechanism to get the nextcloud authenticated? (by configuring the nextcloud login endpoint as the client in the existing keycloak server). 3> The token is being received from the Airvata Manager at *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/airavata/AiravataManager.java<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_SciGaP_seagrid-2Drich-2Dclient_blob_master_src_main_java_org_seagrid_desktop_connectors_airavata_AiravataManager.java=DwMFAw=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo=dN40a0wWPT8hZWhlX91yv_f_hhxhE05V5eoki9abe0I=> and I believe the token is set during the intial login. Do you have any more of the details that I can look into to integrate the existing authentication mechanism in seagrid-rich client to login to the nextcloud server? Regards Karan From: Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> Sent: Saturday, May 19, 2018 11:03 AM To: Kariyattin, Sachin; Supun Nakandala Cc: Marru, Suresh; dev@airavata.apache.org<mailto:dev@airavata.apache.org> Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata @Sachin, @Supun, Thanks for the information, I will look into the same. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 19, 2018 12:07 AM To: dev Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, In my opinion, the ideal approach to use in this scenario would be OAuth based authorization. KeyCloak supports OAuth and you can register a service provider and use that to give a prompt to the user to authorize the desktop client to communicate with the NextCloud server. After the user authorizes the client, KeyCloak will issue an access token which can be used on behalf of the user. NextCloud server will have to use this token and get it validated from the KeyCloak server to ensure the token bearer is authorized to access the NextCloud server. For obtaining this access token there several grant flows in OAuth that you can use. Based on the type of the client and the level of security you can decide which grant flow to use. https://alexbilbie.com/guide-to-oauth-2-grants/<https://urldefense.proofpoint.com/v2/url?u=https-3A__alexbilbie.com_guide-2Dto-2Doauth-2D2-2Dgrants_=DwMFAw=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag=MHiqdWK8XhH0q9z3CNwPncJXwbe2U-jRufk9VnVTRww=yYrybemNnIoqfvivV52KyOLjdvT9-dCD-R5-q2X-LOo=e_NmsPBgg4FrngIgu980oSglwDtTKayE_eC8YVKxMzs=> contains a good summary of OAuth grant flows. I think the implicit grant flow will be most appropriate in this scenario. [1] - https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21092/airavata-security-escience16.pdf?sequence=1<https://urldefense.proofpoint.com/v2/url?u=https-3A__scholarworks.iu.edu_dspace_bitstream_handle_2022_21092_airavata-2Dsecurity-2Descience16.pdf-3Fsequence-3D1=DwMFAw=OCIEmEwdEq_aNlsP4fF3gFqSN-E3mlr2t9JcDdfOZag=MHiqdWK8XhH0q9z3CN
Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
Hi Supun, I have followed the steps that Sachin gave and was able to configure the nextcloud with the keycloak server locally. The nextcloud interface will re-direct to the keycloak server to authenticate with the username and password. Since, we have a file upload service code that will upload the file into the nextcloud without the keycloak authentication, I have few of the following questions that I need your help with respect to the seagrid-rich client, we need to integrate this in such a way that the fileupload service will get authenticated with the keycloak server and then proceed to be upload the file. 1>Does the seagrid-rich client is currently configured to be authenticated with the keycloak server? 2>I looked into the following code:- *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/GuiFileTask.java In this, the sftp session is getting authenticated with the oauth token. In the same way, is it possible to use the existing authentication mechanism to get the nextcloud authenticated? (by configuring the nextcloud login endpoint as the client in the existing keycloak server). 3> The token is being received from the Airvata Manager at *https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/airavata/AiravataManager.java and I believe the token is set during the intial login. Do you have any more of the details that I can look into to integrate the existing authentication mechanism in seagrid-rich client to login to the nextcloud server? Regards Karan From: Kotabagi, Karan <kkota...@iu.edu> Sent: Saturday, May 19, 2018 11:03 AM To: Kariyattin, Sachin; Supun Nakandala Cc: Marru, Suresh; dev@airavata.apache.org Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata @Sachin, @Supun, Thanks for the information, I will look into the same. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com> Sent: Saturday, May 19, 2018 12:07 AM To: dev Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, In my opinion, the ideal approach to use in this scenario would be OAuth based authorization. KeyCloak supports OAuth and you can register a service provider and use that to give a prompt to the user to authorize the desktop client to communicate with the NextCloud server. After the user authorizes the client, KeyCloak will issue an access token which can be used on behalf of the user. NextCloud server will have to use this token and get it validated from the KeyCloak server to ensure the token bearer is authorized to access the NextCloud server. For obtaining this access token there several grant flows in OAuth that you can use. Based on the type of the client and the level of security you can decide which grant flow to use. https://alexbilbie.com/guide-to-oauth-2-grants/ contains a good summary of OAuth grant flows. I think the implicit grant flow will be most appropriate in this scenario. [1] - https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21092/airavata-security-escience16.pdf?sequence=1 On Fri, May 18, 2018 at 8:55 PM, Sachin Kariyattin <sachin9...@gmail.com<mailto:sachin9...@gmail.com>> wrote: Hi Karan, The following wiki lists the basic steps to configure keycloak with NextCloud https://github.com/sachinkariyattin/NextCloud/wiki This can get you started On Fri, May 18, 2018 at 7:57 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi All, I am working with the following Seagrid-rich client to replace the file upload mechanism with the next cloud instead of the SFTP. I have the different nextcloud API code set-up that uploads the file to the Nextcloud server that is set-up locally in Ubuntu. At present the password is hardcoded, so this should be authenticated with the help of keycloak as discussed with Suresh. I have discussed the things with Sachin and I have received some inputs to proceed with keycloak authentication and after that I can proceed to implement the same with the nextcloud API, after this is successful I need to integrate nextcloud API with the Seagrid-rich client. Further steps will also include to set-up Nextcloud in the existing file server and point the upload of the input files from the client to the same location where the existing files are saved (This needs to be further looked into with all the configurations). Any suggestions or inputs to proceed with the keycloak authentication mechanism to work instead of the password would be appreciated. Regards Karan -- Regards, Sachin Kariyattin
Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
@Sachin, @Supun, Thanks for the information, I will look into the same. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com> Sent: Saturday, May 19, 2018 12:07 AM To: dev Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, In my opinion, the ideal approach to use in this scenario would be OAuth based authorization. KeyCloak supports OAuth and you can register a service provider and use that to give a prompt to the user to authorize the desktop client to communicate with the NextCloud server. After the user authorizes the client, KeyCloak will issue an access token which can be used on behalf of the user. NextCloud server will have to use this token and get it validated from the KeyCloak server to ensure the token bearer is authorized to access the NextCloud server. For obtaining this access token there several grant flows in OAuth that you can use. Based on the type of the client and the level of security you can decide which grant flow to use. https://alexbilbie.com/guide-to-oauth-2-grants/ contains a good summary of OAuth grant flows. I think the implicit grant flow will be most appropriate in this scenario. [1] - https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21092/airavata-security-escience16.pdf?sequence=1 On Fri, May 18, 2018 at 8:55 PM, Sachin Kariyattin <sachin9...@gmail.com<mailto:sachin9...@gmail.com>> wrote: Hi Karan, The following wiki lists the basic steps to configure keycloak with NextCloud https://github.com/sachinkariyattin/NextCloud/wiki This can get you started On Fri, May 18, 2018 at 7:57 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi All, I am working with the following Seagrid-rich client to replace the file upload mechanism with the next cloud instead of the SFTP. I have the different nextcloud API code set-up that uploads the file to the Nextcloud server that is set-up locally in Ubuntu. At present the password is hardcoded, so this should be authenticated with the help of keycloak as discussed with Suresh. I have discussed the things with Sachin and I have received some inputs to proceed with keycloak authentication and after that I can proceed to implement the same with the nextcloud API, after this is successful I need to integrate nextcloud API with the Seagrid-rich client. Further steps will also include to set-up Nextcloud in the existing file server and point the upload of the input files from the client to the same location where the existing files are saved (This needs to be further looked into with all the configurations). Any suggestions or inputs to proceed with the keycloak authentication mechanism to work instead of the password would be appreciated. Regards Karan -- Regards, Sachin Kariyattin
Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
Hi Karan, In my opinion, the ideal approach to use in this scenario would be OAuth based authorization. KeyCloak supports OAuth and you can register a service provider and use that to give a prompt to the user to authorize the desktop client to communicate with the NextCloud server. After the user authorizes the client, KeyCloak will issue an access token which can be used on behalf of the user. NextCloud server will have to use this token and get it validated from the KeyCloak server to ensure the token bearer is authorized to access the NextCloud server. For obtaining this access token there several grant flows in OAuth that you can use. Based on the type of the client and the level of security you can decide which grant flow to use. https://alexbilbie.com/guide-to-oauth-2-grants/ contains a good summary of OAuth grant flows. I think the implicit grant flow will be most appropriate in this scenario. [1] - https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21092/airavata-security-escience16.pdf?sequence=1 On Fri, May 18, 2018 at 8:55 PM, Sachin Kariyattinwrote: > Hi Karan, > > The following wiki lists the basic steps to configure keycloak with > NextCloud > > https://github.com/sachinkariyattin/NextCloud/wiki > > This can get you started > > On Fri, May 18, 2018 at 7:57 PM, Kotabagi, Karan wrote: > >> Hi All, >> >> >> I am working with the following Seagrid-rich client to replace the file >> upload mechanism with the next cloud instead of the SFTP. >> >> >> I have the different nextcloud API code set-up that uploads the file to >> the Nextcloud server that is set-up locally in Ubuntu. At present the >> password is hardcoded, so this should be authenticated with the help of >> keycloak as discussed with Suresh. >> >> >> I have discussed the things with Sachin and I have received some inputs >> to proceed with keycloak authentication and after that I can proceed >> to implement the same with the nextcloud API, after this is successful I >> need to integrate nextcloud API with the Seagrid-rich client. >> >> >> Further steps will also include to set-up Nextcloud in the existing file >> server and point the upload of the input files from the client to the same >> location where the existing files are saved (This needs to be further >> looked into with all the configurations). >> >> >> Any suggestions or inputs to proceed with the keycloak authentication >> mechanism to work instead of the password would be appreciated. >> >> >> Regards >> >> Karan >> >> >> >> >> >> > > > -- > > > *Regards,Sachin Kariyattin* >
Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata
Hi Karan, The following wiki lists the basic steps to configure keycloak with NextCloud https://github.com/sachinkariyattin/NextCloud/wiki This can get you started On Fri, May 18, 2018 at 7:57 PM, Kotabagi, Karanwrote: > Hi All, > > > I am working with the following Seagrid-rich client to replace the file > upload mechanism with the next cloud instead of the SFTP. > > > I have the different nextcloud API code set-up that uploads the file to > the Nextcloud server that is set-up locally in Ubuntu. At present the > password is hardcoded, so this should be authenticated with the help of > keycloak as discussed with Suresh. > > > I have discussed the things with Sachin and I have received some inputs to > proceed with keycloak authentication and after that I can proceed > to implement the same with the nextcloud API, after this is successful I > need to integrate nextcloud API with the Seagrid-rich client. > > > Further steps will also include to set-up Nextcloud in the existing file > server and point the upload of the input files from the client to the same > location where the existing files are saved (This needs to be further > looked into with all the configurations). > > > Any suggestions or inputs to proceed with the keycloak authentication > mechanism to work instead of the password would be appreciated. > > > Regards > > Karan > > > > > > -- *Regards,Sachin Kariyattin*
Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata
Hi Supun, Thanks for the information. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com> Sent: Wednesday, May 16, 2018 12:08 PM To: Kotabagi, Karan Cc: dev@airavata.apache.org; Kariyattin, Sachin; Marru, Suresh Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata On Wed, May 16, 2018 at 8:06 AM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi Supun, Thanks! I have checked code and looked into the GuiFileUploadTask and further plan to replace the same connector code with the API that will connect with the nextcloud server. If I am not wrong, seadgrid.properties has the details of the file server where the input files are uploaded. I believe the Airavata API will pick up the input files from the current remote server that is configured in the seagrid.properties and do you have any suggestions about how the output files are written or downloaded from the remote server? There is another file called GuiFileDownloadTask in the same storage path, I believe this will download the files when the experiment is completed, and to be sure the Airavata is writing the output files to the same remote directory? Yes Airavata writing files to the same output directory. File are dowloaded ondemand after an experiment is completed. Meaning, they will be downloaded when a user tries to open a file from the file browser or click on a file link in the experiment info page. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Tuesday, May 15, 2018 10:53 PM To: Kotabagi, Karan Cc: dev@airavata.apache.org<mailto:dev@airavata.apache.org> Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Looks good! To make your life easy here are some code pointers :) The SFTP integration code is located here https://github.com/SciGaP/seagrid-rich-client/tree/master/src/main/java/org/seagrid/desktop/connectors/storage. Specifically the file manager api methods are implemented here https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/StorageManager.java. For the SFTP authentication, the current client uses the OAuth token given by the SciGaP identity provider as the password. The Username is same as SEAGrid username. As per the current implementation (someone please correct me if this has been changed recently) Airavata GFac requires the file paths to be absolute paths. However, the SFTP server provides a virtual file system view the root directory is actually a directory named by the username in the host file system. So there is some file path conversions happening between SFTP paths and paths used when creating experiment metadata. This can be configured here https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/resources/seagrid.properties#L43 On Tue, May 15, 2018 at 7:44 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi Supun, Please find the following answers to the questions: 1. As per my knowledge resumable uploads for the Nextcloud has been implemented at the client side, I still need to check regarding the same with respect to the server side implementation. Reference: https://github.com/nextcloud/android/issues/159 2. Nextcloud can be integrated with the third-party authentication schemes using OAuth/OpenID. Reference: https://nextcloud.com/blog/security-in-nextcloud-12-new-authentication-mechanisms/ Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 12, 2018 10:25 PM To: Kotabagi, Karan Cc: dev Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, Quick couple of questions, 1. Does NextCloud support resumable file uploads? (Meaning you can upload part of the file now and the rest later) 2. Can we integrate NextCloud with third-party authentication schemes using OAuth/OpenID? On Sat, May 12, 2018 at 7:05 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Resending the email as I had missed the link*** Hi Supun, Thanks, I will try to create an account at the link and test the login. You can find the project proposal is at the following link. https://docs.google.com/document/d/1yAyA1xXTWT6keco2nNtzAcSc6e5wEouV-3sZfY8_gG8/edit?usp=sharing Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 12, 2018 9:52 PM To: dev Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, You should be able to login with the seagrid.org<http://seagrid.org> http
Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata
On Wed, May 16, 2018 at 8:06 AM, Kotabagi, Karan <kkota...@iu.edu> wrote: > Hi Supun, > > > Thanks! > > > I have checked code and looked into the GuiFileUploadTask and further plan > to replace the same connector code with > > the API that will connect with the nextcloud server. > > > If I am not wrong, seadgrid.properties has the details of the file > server where the input files are uploaded. I believe > > the Airavata API will pick up the input files from the current remote > server that is configured in the seagrid.properties > > and do you have any suggestions about how the output files are written or > downloaded from the remote > > server? There is another file called GuiFileDownloadTask in the same > storage path, I believe this will download the files when > > the experiment is completed, and to be sure the Airavata is writing the > output files to the same remote directory? > > Yes Airavata writing files to the same output directory. File are > dowloaded ondemand after an experiment is completed. Meaning, they will be > downloaded when a user tries to open a file from the file browser or click > on a file link in the experiment info page. > > Regards > > Karan > -- > *From:* Supun Nakandala <supun.nakand...@gmail.com> > *Sent:* Tuesday, May 15, 2018 10:53 PM > *To:* Kotabagi, Karan > *Cc:* dev@airavata.apache.org > > *Subject:* Re: GSoC 2018 - Integration of the Nextcloud with Apache > Airavata > > Looks good! > > To make your life easy here are some code pointers :) > > The SFTP integration code is located here https://github.com/SciGaP > /seagrid-rich-client/tree/master/src/main/java/org/seagr > id/desktop/connectors/storage. Specifically the file manager api methods > are implemented here https://github.com/SciGaP/seagrid-rich-client/blob/ > master/src/main/java/org/seagrid/desktop/connectors/storage/ > StorageManager.java. > > For the SFTP authentication, the current client uses the OAuth token given > by the SciGaP identity provider as the password. The Username is same as > SEAGrid username. > > As per the current implementation (someone please correct me if this has > been changed recently) Airavata GFac requires the file paths to be absolute > paths. However, the SFTP server provides a virtual file system view the > root directory is actually a directory named by the username in the host > file system. So there is some file path conversions happening between SFTP > paths and paths used when creating experiment metadata. This can be > configured here https://github.com/SciGaP/seagrid-rich-client/ > blob/master/src/main/resources/seagrid.properties#L43 > > > On Tue, May 15, 2018 at 7:44 PM, Kotabagi, Karan <kkota...@iu.edu> wrote: > >> Hi Supun, >> >> >> Please find the following answers to the questions: >> >> >> 1. As per my knowledge resumable uploads for the Nextcloud has been >> implemented at the client side, I still need to check regarding the >> >> same with respect to the server side implementation. >> >> Reference: https://github.com/nextcloud/android/issues/159 >> >> >> 2. Nextcloud can be integrated with the third-party authentication >> schemes using OAuth/OpenID. >> >> Reference: https://nextcloud.com/blog/security-in- >> nextcloud-12-new-authentication-mechanisms/ >> >> >> Regards >> >> Karan >> -- >> *From:* Supun Nakandala <supun.nakand...@gmail.com> >> *Sent:* Saturday, May 12, 2018 10:25 PM >> *To:* Kotabagi, Karan >> *Cc:* dev >> >> *Subject:* Re: GSoC 2018 - Integration of the Nextcloud with Apache >> Airavata >> >> Hi Karan, >> >> Quick couple of questions, >> >> 1. Does NextCloud support resumable file uploads? (Meaning you can upload >> part of the file now and the rest later) >> 2. Can we integrate NextCloud with third-party authentication schemes >> using OAuth/OpenID? >> >> On Sat, May 12, 2018 at 7:05 PM, Kotabagi, Karan <kkota...@iu.edu> wrote: >> >>> Resending the email as I had missed the >>> link*** >>> >>> Hi Supun, >>> >>> >>> Thanks, I will try to create an account at the link and test the login. >>> >>> You can find the project proposal is at the following link. >>> >>> >>> https://docs.google.com/document/d/1yAyA1xXTWT6keco2nNtzAcSc >>> 6e5wEouV-3sZfY8_gG8/edit?usp=sharing >>> >>> >>> Regards >&g
Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata
Hi Supun, Thanks! I have checked code and looked into the GuiFileUploadTask and further plan to replace the same connector code with the API that will connect with the nextcloud server. If I am not wrong, seadgrid.properties has the details of the file server where the input files are uploaded. I believe the Airavata API will pick up the input files from the current remote server that is configured in the seagrid.properties and do you have any suggestions about how the output files are written or downloaded from the remote server? There is another file called GuiFileDownloadTask in the same storage path, I believe this will download the files when the experiment is completed, and to be sure the Airavata is writing the output files to the same remote directory? Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com> Sent: Tuesday, May 15, 2018 10:53 PM To: Kotabagi, Karan Cc: dev@airavata.apache.org Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Looks good! To make your life easy here are some code pointers :) The SFTP integration code is located here https://github.com/SciGaP/seagrid-rich-client/tree/master/src/main/java/org/seagrid/desktop/connectors/storage. Specifically the file manager api methods are implemented here https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/StorageManager.java. For the SFTP authentication, the current client uses the OAuth token given by the SciGaP identity provider as the password. The Username is same as SEAGrid username. As per the current implementation (someone please correct me if this has been changed recently) Airavata GFac requires the file paths to be absolute paths. However, the SFTP server provides a virtual file system view the root directory is actually a directory named by the username in the host file system. So there is some file path conversions happening between SFTP paths and paths used when creating experiment metadata. This can be configured here https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/resources/seagrid.properties#L43 On Tue, May 15, 2018 at 7:44 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi Supun, Please find the following answers to the questions: 1. As per my knowledge resumable uploads for the Nextcloud has been implemented at the client side, I still need to check regarding the same with respect to the server side implementation. Reference: https://github.com/nextcloud/android/issues/159 2. Nextcloud can be integrated with the third-party authentication schemes using OAuth/OpenID. Reference: https://nextcloud.com/blog/security-in-nextcloud-12-new-authentication-mechanisms/ Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 12, 2018 10:25 PM To: Kotabagi, Karan Cc: dev Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, Quick couple of questions, 1. Does NextCloud support resumable file uploads? (Meaning you can upload part of the file now and the rest later) 2. Can we integrate NextCloud with third-party authentication schemes using OAuth/OpenID? On Sat, May 12, 2018 at 7:05 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Resending the email as I had missed the link*** Hi Supun, Thanks, I will try to create an account at the link and test the login. You can find the project proposal is at the following link. https://docs.google.com/document/d/1yAyA1xXTWT6keco2nNtzAcSc6e5wEouV-3sZfY8_gG8/edit?usp=sharing Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 12, 2018 9:52 PM To: dev Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, You should be able to login with the seagrid.org<http://seagrid.org> https://seagrid.org/create login credentials. You may need to create an account there (if you don't have one already) and get it approved. Until your account is approved you will not be able to login. BTW, is your project proposal publically accessible? Thank -Supun On Sat, May 12, 2018 at 6:36 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi All, I am working with the following as the part of the Google Summer of Code 2018 project to integrate the Nextcloud with the Apache Airavata. I am starting to work with the Seagrid rich client Java Fx application to replace the airavata file manager with the Nextcloud. I followed the build steps in the readme file of the github repo https://github.com/SciGaP/seagrid-rich-client First, I wa
Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata
Looks good! To make your life easy here are some code pointers :) The SFTP integration code is located here https://github.com/ SciGaP/seagrid-rich-client/tree/master/src/main/java/org/ seagrid/desktop/connectors/storage. Specifically the file manager api methods are implemented here https://github.com/ SciGaP/seagrid-rich-client/blob/master/src/main/java/org/ seagrid/desktop/connectors/storage/StorageManager.java. For the SFTP authentication, the current client uses the OAuth token given by the SciGaP identity provider as the password. The Username is same as SEAGrid username. As per the current implementation (someone please correct me if this has been changed recently) Airavata GFac requires the file paths to be absolute paths. However, the SFTP server provides a virtual file system view the root directory is actually a directory named by the username in the host file system. So there is some file path conversions happening between SFTP paths and paths used when creating experiment metadata. This can be configured here https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/resources/seagrid.properties#L43 On Tue, May 15, 2018 at 7:44 PM, Kotabagi, Karan <kkota...@iu.edu> wrote: > Hi Supun, > > > Please find the following answers to the questions: > > > 1. As per my knowledge resumable uploads for the Nextcloud has been > implemented at the client side, I still need to check regarding the > > same with respect to the server side implementation. > > Reference: https://github.com/nextcloud/android/issues/159 > > > 2. Nextcloud can be integrated with the third-party authentication schemes > using OAuth/OpenID. > > Reference: https://nextcloud.com/blog/security-in-nextcloud-12-new- > authentication-mechanisms/ > > > Regards > > Karan > -- > *From:* Supun Nakandala <supun.nakand...@gmail.com> > *Sent:* Saturday, May 12, 2018 10:25 PM > *To:* Kotabagi, Karan > *Cc:* dev > > *Subject:* Re: GSoC 2018 - Integration of the Nextcloud with Apache > Airavata > > Hi Karan, > > Quick couple of questions, > > 1. Does NextCloud support resumable file uploads? (Meaning you can upload > part of the file now and the rest later) > 2. Can we integrate NextCloud with third-party authentication schemes > using OAuth/OpenID? > > On Sat, May 12, 2018 at 7:05 PM, Kotabagi, Karan <kkota...@iu.edu> wrote: > >> Resending the email as I had missed the >> link*** >> >> Hi Supun, >> >> >> Thanks, I will try to create an account at the link and test the login. >> >> You can find the project proposal is at the following link. >> >> >> https://docs.google.com/document/d/1yAyA1xXTWT6keco2nNtzAcSc >> 6e5wEouV-3sZfY8_gG8/edit?usp=sharing >> >> >> Regards >> >> Karan >> -- >> *From:* Supun Nakandala <supun.nakand...@gmail.com> >> *Sent:* Saturday, May 12, 2018 9:52 PM >> *To:* dev >> *Subject:* Re: GSoC 2018 - Integration of the Nextcloud with Apache >> Airavata >> >> Hi Karan, >> >> You should be able to login with the seagrid.org >> https://seagrid.org/create login credentials. You may need to create an >> account there (if you don't have one already) and get it approved. Until >> your account is approved you will not be able to login. >> >> BTW, is your project proposal publically accessible? >> >> Thank >> -Supun >> >> On Sat, May 12, 2018 at 6:36 PM, Kotabagi, Karan <kkota...@iu.edu> wrote: >> >>> Hi All, >>> >>> >>> I am working with the following as the part of the Google Summer of Code >>> 2018 project to integrate the Nextcloud with the Apache Airavata. >>> >>> >>> I am starting to work with the Seagrid rich client Java Fx application >>> to replace the airavata file manager with the Nextcloud. >>> >>> >>> I followed the build steps in the readme file of the github repo >>> https://github.com/SciGaP/seagrid-rich-client >>> >>> First, I was able to run the script as in the jamberoo-libs directory >>> and execute "mvn_install_libs.sh" >>> >>> Next, I am able to build the project successfully with the command "mvn >>> -P update-deployment clean package" >>> >>> I was able to build a native installer with the command "mvn -P >>> update-deployment install" and run the >>> app at the path "seagrid-rich-client/target/installer/fxlauncher.jar", I >>> believe this is the right jar file to start the application. >>> >>> I was able to start the application as attached in the screenshot >>> "desktop_client.png". >>> >>> Although, I am not able to login to the application with the CLI login, my >>> next task would be to figure >>> out on how to login to the application and test the sample upload of the >>> files. >>> >>> Do the client applications have the separate authentication system? Would I >>> have to request the >>> separate access for the separate clients? If yes then where can I request >>> the access for this Seagrid javaFx >>> desktop application? >>> >>> Regards >>> Karan >>> >>> >> >
Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata
Hi Supun, Please find the following answers to the questions: ?1. As per my knowledge resumable uploads for the Nextcloud has been implemented at the client side, I still need to check regarding the same with respect to the server side implementation. Reference: https://github.com/nextcloud/android/issues/159 2. Nextcloud can be integrated with the third-party authentication schemes using OAuth/OpenID. Reference: https://nextcloud.com/blog/security-in-nextcloud-12-new-authentication-mechanisms/ Regards Karan? From: Supun Nakandala <supun.nakand...@gmail.com> Sent: Saturday, May 12, 2018 10:25 PM To: Kotabagi, Karan Cc: dev Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, Quick couple of questions, 1. Does NextCloud support resumable file uploads? (Meaning you can upload part of the file now and the rest later) 2. Can we integrate NextCloud with third-party authentication schemes using OAuth/OpenID? On Sat, May 12, 2018 at 7:05 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Resending the email as I had missed the link*** Hi Supun, Thanks, I will try to create an account at the link and test the login. You can find the project proposal is at the following link. https://docs.google.com/document/d/1yAyA1xXTWT6keco2nNtzAcSc6e5wEouV-3sZfY8_gG8/edit?usp=sharing Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> Sent: Saturday, May 12, 2018 9:52 PM To: dev Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, You should be able to login with the seagrid.org<http://seagrid.org> https://seagrid.org/create login credentials. You may need to create an account there (if you don't have one already) and get it approved. Until your account is approved you will not be able to login. BTW, is your project proposal publically accessible? Thank -Supun On Sat, May 12, 2018 at 6:36 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi All, I am working with the following as the part of the Google Summer of Code 2018 project to integrate the Nextcloud with the Apache Airavata. I am starting to work with the Seagrid rich client Java Fx application to replace the airavata file manager with the Nextcloud. I followed the build steps in the readme file of the github repo https://github.com/SciGaP/seagrid-rich-client First, I was able to run the script as in the jamberoo-libs directory and execute "mvn_install_libs.sh" Next, I am able to build the project successfully with the command "mvn -P update-deployment clean package" I was able to build a native installer with the command "mvn -P update-deployment install" and run the app at the path "seagrid-rich-client/target/installer/fxlauncher.jar", I believe this is the right jar file to start the application. I was able to start the application as attached in the screenshot "desktop_client.png". Although, I am not able to login to the application with the CLI login, my next task would be to figure out on how to login to the application and test the sample upload of the files. Do the client applications have the separate authentication system? Would I have to request the separate access for the separate clients? If yes then where can I request the access for this Seagrid javaFx desktop application? Regards Karan
Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata
Hi Karan, Quick couple of questions, 1. Does NextCloud support resumable file uploads? (Meaning you can upload part of the file now and the rest later) 2. Can we integrate NextCloud with third-party authentication schemes using OAuth/OpenID? On Sat, May 12, 2018 at 7:05 PM, Kotabagi, Karan <kkota...@iu.edu> wrote: > Resending the email as I had missed the > link*** > > Hi Supun, > > > Thanks, I will try to create an account at the link and test the login. > > You can find the project proposal is at the following link. > > > https://docs.google.com/document/d/1yAyA1xXTWT6keco2nNtzAcSc6e5wE > ouV-3sZfY8_gG8/edit?usp=sharing > > > Regards > > Karan > -- > *From:* Supun Nakandala <supun.nakand...@gmail.com> > *Sent:* Saturday, May 12, 2018 9:52 PM > *To:* dev > *Subject:* Re: GSoC 2018 - Integration of the Nextcloud with Apache > Airavata > > Hi Karan, > > You should be able to login with the seagrid.org > https://seagrid.org/create login credentials. You may need to create an > account there (if you don't have one already) and get it approved. Until > your account is approved you will not be able to login. > > BTW, is your project proposal publically accessible? > > Thank > -Supun > > On Sat, May 12, 2018 at 6:36 PM, Kotabagi, Karan <kkota...@iu.edu> wrote: > >> Hi All, >> >> >> I am working with the following as the part of the Google Summer of Code >> 2018 project to integrate the Nextcloud with the Apache Airavata. >> >> >> I am starting to work with the Seagrid rich client Java Fx application >> to replace the airavata file manager with the Nextcloud. >> >> >> I followed the build steps in the readme file of the github repo >> https://github.com/SciGaP/seagrid-rich-client >> >> First, I was able to run the script as in the jamberoo-libs directory >> and execute "mvn_install_libs.sh" >> >> Next, I am able to build the project successfully with the command "mvn >> -P update-deployment clean package" >> >> I was able to build a native installer with the command "mvn -P >> update-deployment install" and run the >> app at the path "seagrid-rich-client/target/installer/fxlauncher.jar", I >> believe this is the right jar file to start the application. >> >> I was able to start the application as attached in the screenshot >> "desktop_client.png". >> >> Although, I am not able to login to the application with the CLI login, my >> next task would be to figure >> out on how to login to the application and test the sample upload of the >> files. >> >> Do the client applications have the separate authentication system? Would I >> have to request the >> separate access for the separate clients? If yes then where can I request >> the access for this Seagrid javaFx >> desktop application? >> >> Regards >> Karan >> >> >
Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata
Resending the email as I had missed the link*** Hi Supun, Thanks, I will try to create an account at the link and test the login. You can find the project proposal is at the following link. https://docs.google.com/document/d/1yAyA1xXTWT6keco2nNtzAcSc6e5wEouV-3sZfY8_gG8/edit?usp=sharing Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com> Sent: Saturday, May 12, 2018 9:52 PM To: dev Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, You should be able to login with the seagrid.org<http://seagrid.org> https://seagrid.org/create login credentials. You may need to create an account there (if you don't have one already) and get it approved. Until your account is approved you will not be able to login. BTW, is your project proposal publically accessible? Thank -Supun On Sat, May 12, 2018 at 6:36 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi All, I am working with the following as the part of the Google Summer of Code 2018 project to integrate the Nextcloud with the Apache Airavata. I am starting to work with the Seagrid rich client Java Fx application to replace the airavata file manager with the Nextcloud. I followed the build steps in the readme file of the github repo https://github.com/SciGaP/seagrid-rich-client First, I was able to run the script as in the jamberoo-libs directory and execute "mvn_install_libs.sh" Next, I am able to build the project successfully with the command "mvn -P update-deployment clean package" I was able to build a native installer with the command "mvn -P update-deployment install" and run the app at the path "seagrid-rich-client/target/installer/fxlauncher.jar", I believe this is the right jar file to start the application. I was able to start the application as attached in the screenshot "desktop_client.png". Although, I am not able to login to the application with the CLI login, my next task would be to figure out on how to login to the application and test the sample upload of the files. Do the client applications have the separate authentication system? Would I have to request the separate access for the separate clients? If yes then where can I request the access for this Seagrid javaFx desktop application? Regards Karan
Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata
Hi Supun, Thanks, I will try to create an account at the link and test the login. You can find the project proposal is at the following link. Regards Karan From: Supun Nakandala <supun.nakand...@gmail.com> Sent: Saturday, May 12, 2018 9:52 PM To: dev Subject: Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata Hi Karan, You should be able to login with the seagrid.org<http://seagrid.org> https://seagrid.org/create login credentials. You may need to create an account there (if you don't have one already) and get it approved. Until your account is approved you will not be able to login. BTW, is your project proposal publically accessible? Thank -Supun On Sat, May 12, 2018 at 6:36 PM, Kotabagi, Karan <kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote: Hi All, I am working with the following as the part of the Google Summer of Code 2018 project to integrate the Nextcloud with the Apache Airavata. I am starting to work with the Seagrid rich client Java Fx application to replace the airavata file manager with the Nextcloud. I followed the build steps in the readme file of the github repo https://github.com/SciGaP/seagrid-rich-client First, I was able to run the script as in the jamberoo-libs directory and execute "mvn_install_libs.sh" Next, I am able to build the project successfully with the command "mvn -P update-deployment clean package" I was able to build a native installer with the command "mvn -P update-deployment install" and run the app at the path "seagrid-rich-client/target/installer/fxlauncher.jar", I believe this is the right jar file to start the application. I was able to start the application as attached in the screenshot "desktop_client.png". Although, I am not able to login to the application with the CLI login, my next task would be to figure out on how to login to the application and test the sample upload of the files. Do the client applications have the separate authentication system? Would I have to request the separate access for the separate clients? If yes then where can I request the access for this Seagrid javaFx desktop application? Regards Karan
Re: GSoC 2018 - Integration of the Nextcloud with Apache Airavata
Hi Karan, You should be able to login with the seagrid.org https://seagrid.org/create login credentials. You may need to create an account there (if you don't have one already) and get it approved. Until your account is approved you will not be able to login. BTW, is your project proposal publically accessible? Thank -Supun On Sat, May 12, 2018 at 6:36 PM, Kotabagi, Karanwrote: > Hi All, > > > I am working with the following as the part of the Google Summer of Code > 2018 project to integrate the Nextcloud with the Apache Airavata. > > > I am starting to work with the Seagrid rich client Java Fx application to > replace the airavata file manager with the Nextcloud. > > > I followed the build steps in the readme file of the github repo > https://github.com/SciGaP/seagrid-rich-client > > First, I was able to run the script as in the jamberoo-libs directory and > execute "mvn_install_libs.sh" > > Next, I am able to build the project successfully with the command "mvn > -P update-deployment clean package" > > I was able to build a native installer with the command "mvn -P > update-deployment install" and run the > app at the path "seagrid-rich-client/target/installer/fxlauncher.jar", I > believe this is the right jar file to start the application. > > I was able to start the application as attached in the screenshot > "desktop_client.png". > > Although, I am not able to login to the application with the CLI login, my > next task would be to figure > out on how to login to the application and test the sample upload of the > files. > > Do the client applications have the separate authentication system? Would I > have to request the > separate access for the separate clients? If yes then where can I request the > access for this Seagrid javaFx > desktop application? > > Regards > Karan > >