Thanks for the clarification, Supun. Let me see if I understand things correctly:
- The gateway will authenticate with the userAPI using credentials stored in a config file (via adminLogin)
- Once authenticated, the userAPI will replace the PHP-Reference-Gateway’s id_utilities interface for authenticating/adding/etc users

So the gateway itself is an admin, but how can an individual user become an admin? When an admin user logs in to the gateway, how will the gateway know the user is an admin? Perhaps like this:

- The user authenticates in the normal login page, and both authenticateUser and adminLogin functions are called.
  o If authenticateUser returns true, the user is logged in (setting the username and logged_in session variables)
  o If adminLogin returns the token, the user is logged in with admin privileges (probably by storing the token in a session variable). If no token is returned, the session variable remains null and the user is treated as a standard user.

Does that sound correct?

Dave

From: Supun Nakandala [mailto:supun.nakand...@gmail.com]
Sent: Friday, June 20, 2014 1:20 PM
To: dev@airavata.apache.org
Subject: Re: [GSoC] Status Update

Hi Dave,

I was planning to have a separate tenant for each gateway. For example, PHP-Reference-Gateway has a separate tenant in the WSO2 IS. Each of these has a tenant admin (can have more than one). And gateways have to use the tenant admin credentials to use the UserAPI.

The adminLogin and adminLogout functions are for the gateways to authenticate with the UserAPI using the given tenant admin credentials. After authenticating using the tenant admin credentials, gateways can use the API to do the given operations.

Standard users cannot log in to the UserAPI (only the tenant admin can log in). But the gateways can authenticate users via the API given the user's username and password.

If we need to distinguish different users separately, we can create user groups and add users to groups. But I have not yet added this functionality to the UserAPI.

On Fri, Jun 20, 2014 at 8:17 PM, Reagan, David Michael <dmrea...@iu.edu> wrote:

Hi, Supun.

Are the adminLogin and adminLogout functions just for admin users? Can you explain a bit about how the ID server differentiates standard vs admin users, and how you think the gateway should be able to tell which kind of user a person is?

Thanks,
Dave

From: Amila Jayasekara [mailto:thejaka.am...@gmail.com]
Sent: Friday, June 20, 2014 9:31 AM
To: dev
Subject: Re: [GSoC] Status Update

Nice!

Thanks
Amila

On Fri, Jun 20, 2014 at 7:16 AM, Supun Nakandala <supun.nakand...@gmail.com> wrote:

Hi All,

I have added some PHP client sample code to the repository [1].

Thank you
Supun

[1] - https://github.com/scnakandala/airavata-userapi/tree/master/clients/php-client

On Wed, Jun 18, 2014 at 10:05 PM, Supun Nakandala <supun.nakand...@gmail.com> wrote:

Hi All,

During the last week I drafted a basic user API description for Airavata user management. You can find the Thrift descriptor files at [1]. I have also implemented the server-side code and hosted it in the same GitHub repository.

I did not try to come up with a complete list of user management requirements but rather implemented the most frequently required ones. As the requirements change I plan to modify the API iteratively.

I would appreciate it if you can provide feedback on the drafted user management API.

My next target is to implement a PHP client for this API and integrate it with the PHP-Reference-Gateway.

Thank you
Supun

[1] - https://github.com/scnakandala/airavata-userapi/blob/master/thrift-interface-descriptors/userAPI.thrift

--
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa