Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata

[Kotabagi, Karan]

Hi Supun,


I have followed the steps that Sachin gave and was able to configure the 
nextcloud with the keycloak server locally. The  nextcloud interface will 
re-direct to the keycloak server to authenticate with the username and password.


Since, we have a file upload service code that will upload the file into the 
nextcloud without the keycloak authentication, I have few of the following 
questions that I need your help with respect to the seagrid-rich client, we 
need to integrate this in such a way that the fileupload service will get 
authenticated with the keycloak server and then proceed to be upload the file.


1>Does the seagrid-rich client is currently configured to be authenticated with 
the keycloak server?



2>I looked into the following code:-

    
*https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/storage/GuiFileTask.java

    In this, the sftp session is getting authenticated with the oauth token.

In the same way, is it possible to use the existing authentication mechanism to 
get the nextcloud authenticated? (by configuring the nextcloud login endpoint 
as the client in the existing keycloak server).


3> The token is being received from the Airvata Manager at

     
*https://github.com/SciGaP/seagrid-rich-client/blob/master/src/main/java/org/seagrid/desktop/connectors/airavata/AiravataManager.java

and I believe the token is set during the intial login.


Do you have any more of the details that I can look into to integrate the 
existing authentication mechanism in seagrid-rich client to login to the 
nextcloud server?


Regards

Karan

________________________________
From: Kotabagi, Karan <kkota...@iu.edu>
Sent: Saturday, May 19, 2018 11:03 AM
To: Kariyattin, Sachin; Supun Nakandala
Cc: Marru, Suresh; dev@airavata.apache.org
Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata


@Sachin, @Supun,


Thanks for the information, I will look into the same.


Regards

Karan

________________________________
From: Supun Nakandala <supun.nakand...@gmail.com>
Sent: Saturday, May 19, 2018 12:07 AM
To: dev
Subject: Re: Gsoc 2018 - Integration of the Nextcloud with Apache Airavata

Hi Karan,

In my opinion, the ideal approach to use in this scenario would be OAuth based 
authorization. KeyCloak supports OAuth and you can register a service provider 
and use that to give a prompt to the user to authorize the desktop client to 
communicate with the NextCloud server.
After the user authorizes the client, KeyCloak will issue an access token which 
can be used on behalf of the user. NextCloud server will have to use this token 
and get it validated from the KeyCloak server to ensure the token bearer is 
authorized to access the NextCloud server.

For obtaining this access token there several grant flows in OAuth that you can 
use. Based on the type of the client and the level of security you can decide 
which grant flow to use.

https://alexbilbie.com/guide-to-oauth-2-grants/ contains a good summary of 
OAuth grant flows. I think the implicit grant flow will be most appropriate in 
this scenario.



[1] - 
https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21092/airavata-security-escience16.pdf?sequence=1

On Fri, May 18, 2018 at 8:55 PM, Sachin Kariyattin 
<sachin9...@gmail.com<mailto:sachin9...@gmail.com>> wrote:
Hi Karan,

The following wiki lists the basic steps to configure keycloak with NextCloud

https://github.com/sachinkariyattin/NextCloud/wiki

This can get you started

On Fri, May 18, 2018 at 7:57 PM, Kotabagi, Karan 
<kkota...@iu.edu<mailto:kkota...@iu.edu>> wrote:

Hi All,


I am working with the following Seagrid-rich client to replace the file upload 
mechanism with the next cloud instead of the SFTP.


I have the different nextcloud API code set-up  that uploads the file to the 
Nextcloud server that is set-up locally in Ubuntu. At present the password is 
hardcoded, so this should be authenticated with the help of keycloak as 
discussed with Suresh.


I have discussed the things with Sachin and I have received some inputs to 
proceed with keycloak authentication and after that I can proceed to implement 
the same with the nextcloud API, after this is successful I need to integrate 
nextcloud API  with the Seagrid-rich client.


Further steps will also include to set-up Nextcloud in the existing file server 
and point the upload of the input files from the client to the same location 
where the existing files are saved (This needs to be further looked into with 
all the configurations).


Any suggestions or inputs to proceed with the keycloak authentication mechanism 
to work instead of the password would be appreciated.


Regards

Karan







--
Regards,
Sachin Kariyattin