Skip to content

Latest commit

 

History

History
45 lines (37 loc) · 1.87 KB

20230822-minutes.md

File metadata and controls

45 lines (37 loc) · 1.87 KB

Authentication Working Group Minutes

Tuesday, 2023/08/22

10:00 am ET

Attendees:

Terrell Russell, Kory Draughn, Alan King, Martin Flores, Harry Kodden (SURF), Tony Edgin (CyVerse), Claudio Cacciari (SURF)

Minutes

SUMMARY:

DISCUSSION

  • New server-side function for verifying credentials without logging in
    • For native authentication, to be used alongside rc_switch_user (coming in 4.3.1)
    • Merged
  • OIDC/OAuth2 in HTTP API
    • Active PR - irods/irods_client_http_api#75
    • Options for handling errors
      • Currently planning to log a lot and return the error to the client
      • Anything else that needs to be done? Should be done? Nice to have?
      • Possibly additional loggers for OIDC vs 'main server'
    • Alternative user mapping plugins… using OIDC claim information at the moment
      • Could be a variable that is checked, rather than hard-coded name
      • Noticed the 'sub' doesn't change / persistent across logins
        • Could be in a static local file mapping
    • SURF has/had a configuration file that held the mapping
      • Static per-provider…
      • A little dynamic - could be regular expression match on names
      • Or per dept, etc. due to what information comes back from OIDC provider
    • Planning new work around 'state' in the HTTP API
      • Going with UUID for now, unless better ideas / concerns
    • Does the HTTP API / OIDC work affect the PAM interactive work in any way?
      • pam_password is a subset of pam_interactive
      • PAM (behind iRODS) cannot handle the web-friendly OIDC flows
      • An iRODS server could be set up with both, but a particular user probably will not see 'both'
    • Harry's ready to test it all out.
    • SURF - honoring a refresh token? Not yet, will add to the list
      • Honoring a timeout/expiry time
      • Honoring a sidechannel logout
  • Next Meeting
    • Sept 2023