You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@airavata.apache.org by DImuthu Upeksha <di...@gmail.com> on 2015/04/14 00:37:42 UTC
Airavata User management
Hi all,
I have few points to get clarified about user management in Airavata server
1. When I start the server there is an error log
[ERROR] The Credential Store Server did not start!!!
Where is this credential store? How should I configure it? What is the
usage of this credential store?
2. When I go through Airavata.Client API and client samples I could not see
that there is a authentication mechanism for users who access it (Please
correct me if there is a way). If so what is the use of a Credentials Store?
3. How does the user authorisation is done in Airavata?
Thanks
Dimuthu
--
Regards
W.Dimuthu Upeksha
Undergraduate
Department of Computer Science And Engineering
University of Moratuwa, Sri Lanka
Re: Airavata User management
Posted by Hasini Gunasinghe <ha...@gmail.com>.
Hi Dimuthu,
On Tue, Apr 14, 2015 at 6:22 AM, DImuthu Upeksha <dimuthu.upeksha2@gmail.com
> wrote:
> Hi Hasini,
>
> Thank you for the quick response. Because I'm working on porting GridChem
> client to use Airavata APIs, user authentication is also a part for me to
> figure out. I went through you proposal for ticket [1] and believe that I
> can refer to you design because authentication part at Airavata API may
> depend on your solution. If I understood your proposal correctly, from
> Airavata API side you introduce another parameter for each existing method
> to accept OAuth Access Token and forward it to Security Manager. Am I
> correct?
>
Yes, you are correct.
Thanks,
Hasini.
>
> [1] https://issues.apache.org/jira/browse/AIRAVATA-1624
>
> Thanks
> Dimuthu
>
> On Tue, Apr 14, 2015 at 4:53 AM, Hasini Gunasinghe <ha...@gmail.com>
> wrote:
>
>> Hi Dimuthu,
>>
>> Please find the answers inline.
>>
>> On Mon, Apr 13, 2015 at 6:37 PM, DImuthu Upeksha <
>> dimuthu.upeksha2@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> I have few points to get clarified about user management in Airavata
>>> server
>>>
>>> 1. When I start the server there is an error log
>>>
>>> [ERROR] The Credential Store Server did not start!!!
>>>
>>> Where is this credential store? How should I configure it?
>>>
>> This has been answered in a previous thread. I am copying below the
>> answer given by Chathuri in the thread "Resolving the issues in the
>> Airavata server statup"
>>
>> *"Credential store thrift service is not starting by default. If you want
>> to start credential store service, you need to configure it in
>> airavata-server.properties. You will see below set of properties under
>> "Credential Store module Configuration" in airavata-server.properties*
>>
>> *start.credential.store=false*
>> *credential.store.keystore.url=**/Users/chathuri/dev/airavata/*
>> *credential-store/oa4mp/**airavata_sym.jks*
>> *credential.store.keystore.**alias=airavata*
>> *credential.store.keystore.**password=airavata*
>> *credential.store.jdbc.url=**jdbc:derby://localhost:1527/*
>> *experiment_catalog;create=**true;user=airavata;password=**airavata*
>> *credential.store.jdbc.user=**airavata*
>> *credential.store.jdbc.**password=airavata*
>> *credential.store.jdbc.driver=**org.apache.derby.jdbc.**ClientDriver*
>> *credential.store.server.host=**localhost*
>> *credential.store.server.port=**8960*
>> *credentialstore=org.apache.**airavata.credential.store.*
>> *server.CredentialStoreServer*
>> *credential.store.thrift.**server.keystore=/Users/*
>> *chathuri/dev/airavata/**credential-store/oa4mp/**airavata.jks*
>> *credential.store.thrift.**server.keystore.password=**airavata*
>>
>> *You need to make start.credential.store as true. You need to generate
>> symmetric key and specify that path for credential.store.keystore.url.
>> Credential store thrift service is a secured TLS service. You need to
>> generate a keystore file and specify the path and password in the
>> properties credential.store.thrift.**server.keystore,
>> credential.store.thrift.*
>>
>> *server.keystore.password. If you specify all these properties,
>> credential store will be start as a secured thrift service."*
>>
>>> What is the usage of this credential store?
>>>
>> AFAIU, Credential store is used to store the credentials/tokens that are
>> used by Airavata to authenticate to different grid servers. This paper is
>> on Airavata Credential Store:
>>
>> https://scholarworks.iu.edu/dspace/bitstream/handle/2022/17379/ccgrid_2014_credential_store.pdf?sequence=1
>>
>>
>>> 2. When I go through Airavata.Client API and client samples I could not
>>> see that there is a authentication mechanism for users who access it
>>> (Please correct me if there is a way). If so what is the use of a
>>> Credentials Store?
>>>
>>
>> As mentioned before, credential store stores the tokens for Airavata to
>> authenticate to grid servers, not the end-user credentials.
>>
>>>
>>> 3. How does the user authorisation is done in Airavata?
>>>
>>
>> Currently, end users are not authenticated/authorized at the Airavata
>> API. This https://issues.apache.org/jira/browse/AIRAVATA-1624 proposes a
>> solution for that.
>>
>> Thanks,
>> Hasini.
>>
>>>
>>> Thanks
>>> Dimuthu
>>>
>>> --
>>> Regards
>>>
>>> W.Dimuthu Upeksha
>>> Undergraduate
>>> Department of Computer Science And Engineering
>>>
>>> University of Moratuwa, Sri Lanka
>>>
>>
>>
>
>
> --
> Regards
>
> W.Dimuthu Upeksha
> Undergraduate
> Department of Computer Science And Engineering
>
> University of Moratuwa, Sri Lanka
>
Re: Airavata User management
Posted by DImuthu Upeksha <di...@gmail.com>.
Hi Hasini,
Thank you for the quick response. Because I'm working on porting GridChem
client to use Airavata APIs, user authentication is also a part for me to
figure out. I went through you proposal for ticket [1] and believe that I
can refer to you design because authentication part at Airavata API may
depend on your solution. If I understood your proposal correctly, from
Airavata API side you introduce another parameter for each existing method
to accept OAuth Access Token and forward it to Security Manager. Am I
correct?
[1] https://issues.apache.org/jira/browse/AIRAVATA-1624
Thanks
Dimuthu
On Tue, Apr 14, 2015 at 4:53 AM, Hasini Gunasinghe <ha...@gmail.com>
wrote:
> Hi Dimuthu,
>
> Please find the answers inline.
>
> On Mon, Apr 13, 2015 at 6:37 PM, DImuthu Upeksha <
> dimuthu.upeksha2@gmail.com> wrote:
>
>> Hi all,
>>
>> I have few points to get clarified about user management in Airavata
>> server
>>
>> 1. When I start the server there is an error log
>>
>> [ERROR] The Credential Store Server did not start!!!
>>
>> Where is this credential store? How should I configure it?
>>
> This has been answered in a previous thread. I am copying below the answer
> given by Chathuri in the thread "Resolving the issues in the Airavata
> server statup"
>
> *"Credential store thrift service is not starting by default. If you want
> to start credential store service, you need to configure it in
> airavata-server.properties. You will see below set of properties under
> "Credential Store module Configuration" in airavata-server.properties*
>
> *start.credential.store=false*
> *credential.store.keystore.url=**/Users/chathuri/dev/airavata/*
> *credential-store/oa4mp/**airavata_sym.jks*
> *credential.store.keystore.**alias=airavata*
> *credential.store.keystore.**password=airavata*
> *credential.store.jdbc.url=**jdbc:derby://localhost:1527/*
> *experiment_catalog;create=**true;user=airavata;password=**airavata*
> *credential.store.jdbc.user=**airavata*
> *credential.store.jdbc.**password=airavata*
> *credential.store.jdbc.driver=**org.apache.derby.jdbc.**ClientDriver*
> *credential.store.server.host=**localhost*
> *credential.store.server.port=**8960*
> *credentialstore=org.apache.**airavata.credential.store.*
> *server.CredentialStoreServer*
> *credential.store.thrift.**server.keystore=/Users/*
> *chathuri/dev/airavata/**credential-store/oa4mp/**airavata.jks*
> *credential.store.thrift.**server.keystore.password=**airavata*
>
> *You need to make start.credential.store as true. You need to generate
> symmetric key and specify that path for credential.store.keystore.url.
> Credential store thrift service is a secured TLS service. You need to
> generate a keystore file and specify the path and password in the
> properties credential.store.thrift.**server.keystore,
> credential.store.thrift.*
>
> *server.keystore.password. If you specify all these properties, credential
> store will be start as a secured thrift service."*
>
>> What is the usage of this credential store?
>>
> AFAIU, Credential store is used to store the credentials/tokens that are
> used by Airavata to authenticate to different grid servers. This paper is
> on Airavata Credential Store:
>
> https://scholarworks.iu.edu/dspace/bitstream/handle/2022/17379/ccgrid_2014_credential_store.pdf?sequence=1
>
>
>> 2. When I go through Airavata.Client API and client samples I could not
>> see that there is a authentication mechanism for users who access it
>> (Please correct me if there is a way). If so what is the use of a
>> Credentials Store?
>>
>
> As mentioned before, credential store stores the tokens for Airavata to
> authenticate to grid servers, not the end-user credentials.
>
>>
>> 3. How does the user authorisation is done in Airavata?
>>
>
> Currently, end users are not authenticated/authorized at the Airavata API.
> This https://issues.apache.org/jira/browse/AIRAVATA-1624 proposes a
> solution for that.
>
> Thanks,
> Hasini.
>
>>
>> Thanks
>> Dimuthu
>>
>> --
>> Regards
>>
>> W.Dimuthu Upeksha
>> Undergraduate
>> Department of Computer Science And Engineering
>>
>> University of Moratuwa, Sri Lanka
>>
>
>
--
Regards
W.Dimuthu Upeksha
Undergraduate
Department of Computer Science And Engineering
University of Moratuwa, Sri Lanka
Re: Airavata User management
Posted by Hasini Gunasinghe <ha...@gmail.com>.
Hi Dimuthu,
Please find the answers inline.
On Mon, Apr 13, 2015 at 6:37 PM, DImuthu Upeksha <dimuthu.upeksha2@gmail.com
> wrote:
> Hi all,
>
> I have few points to get clarified about user management in Airavata server
>
> 1. When I start the server there is an error log
>
> [ERROR] The Credential Store Server did not start!!!
>
> Where is this credential store? How should I configure it?
>
This has been answered in a previous thread. I am copying below the answer
given by Chathuri in the thread "Resolving the issues in the Airavata
server statup"
*"Credential store thrift service is not starting by default. If you want
to start credential store service, you need to configure it in
airavata-server.properties. You will see below set of properties under
"Credential Store module Configuration" in airavata-server.properties*
*start.credential.store=false*
*credential.store.keystore.url=**/Users/chathuri/dev/airavata/*
*credential-store/oa4mp/**airavata_sym.jks*
*credential.store.keystore.**alias=airavata*
*credential.store.keystore.**password=airavata*
*credential.store.jdbc.url=**jdbc:derby://localhost:1527/*
*experiment_catalog;create=**true;user=airavata;password=**airavata*
*credential.store.jdbc.user=**airavata*
*credential.store.jdbc.**password=airavata*
*credential.store.jdbc.driver=**org.apache.derby.jdbc.**ClientDriver*
*credential.store.server.host=**localhost*
*credential.store.server.port=**8960*
*credentialstore=org.apache.**airavata.credential.store.*
*server.CredentialStoreServer*
*credential.store.thrift.**server.keystore=/Users/**chathuri/dev/airavata/*
*credential-store/oa4mp/**airavata.jks*
*credential.store.thrift.**server.keystore.password=**airavata*
*You need to make start.credential.store as true. You need to generate
symmetric key and specify that path for credential.store.keystore.url.
Credential store thrift service is a secured TLS service. You need to
generate a keystore file and specify the path and password in the
properties credential.store.thrift.**server.keystore,
credential.store.thrift.*
*server.keystore.password. If you specify all these properties, credential
store will be start as a secured thrift service."*
> What is the usage of this credential store?
>
AFAIU, Credential store is used to store the credentials/tokens that are
used by Airavata to authenticate to different grid servers. This paper is
on Airavata Credential Store:
https://scholarworks.iu.edu/dspace/bitstream/handle/2022/17379/ccgrid_2014_credential_store.pdf?sequence=1
> 2. When I go through Airavata.Client API and client samples I could not
> see that there is a authentication mechanism for users who access it
> (Please correct me if there is a way). If so what is the use of a
> Credentials Store?
>
As mentioned before, credential store stores the tokens for Airavata to
authenticate to grid servers, not the end-user credentials.
>
> 3. How does the user authorisation is done in Airavata?
>
Currently, end users are not authenticated/authorized at the Airavata API.
This https://issues.apache.org/jira/browse/AIRAVATA-1624 proposes a
solution for that.
Thanks,
Hasini.
>
> Thanks
> Dimuthu
>
> --
> Regards
>
> W.Dimuthu Upeksha
> Undergraduate
> Department of Computer Science And Engineering
>
> University of Moratuwa, Sri Lanka
>