
Introducing eduGAINBase. José Manuel Macías, Diego R. Lopez


Presentation Transcript


  1. Introducing eduGAINBase José Manuel Macías Diego R. Lopez

  2. Index
     • eduGAINBase in brief
     • eduGAINBase purpose
     • Structure of the class hierarchy
     • Using eduGAINBase: a couple of examples
     • Setting up a request and sending it using a requester
     • Responding to the request using a responder
     • Current development status
     • The TODO list for eduGAINBase
     • Your comments, please!

  3. eduGAINBase in Brief
     • It is a library implementing the abstract operations described in the JRA5 DJ5.2.2 deliverable
     • It is implemented in Java
     • It encapsulates request and response objects and provides an interface for communication between the different eduGAIN elements through requester and responder objects
     • The current code is available at the SVN repository hosted by UNINETT:
       https://viewcvs.mi6.uninett.no/viewcvs/trunk/eduGAIN-base/?root=JRA5-edugain
     • It will also provide basic examples of how to use it

  4. EduGAINBase Structure: Request and Response Objects

         eduGAINRequest (I)          eduGAINResponse (I)
         AuthenticationRequest (C)   AuthenticationResponse (C)
         AttributeRequest (C)        AttributeResponse (C)
         AuthorizationRequest (C)    AuthorizationResponse (C)
         HomeLocationRequest (C)     HomeLocationResponse (C)

  5. EduGAINBase Structure: Interface with the eduGAIN Infrastructure
     Requesters and responders are used for:
     • Requesting/receiving responses/requests to/from the infrastructure
     • Providing a security layer and proper communication with the AAI

         eduGAINRequester (I)                 eduGAINResponder (I)
         eduGAINAuthenticationRequester (C)   eduGAINAuthenticationResponder (C)
         eduGAINAttributeRequester (C)        eduGAINAttributeResponder (C)
         eduGAINAuthorizationRequester (C)    eduGAINAuthorizationResponder (C)
         eduGAINHomeLocationRequester (C)     eduGAINHomeLocationResponder (C)

  6. eduGAINBase architecture: Current Implementation

  7. EduGAINBase Usage Samples: Setting Up an Authentication Request

         import java.net.URI;
         import java.util.ArrayList;

         /** Create a new authentication request object */
         AuthenticationRequest areq = new AuthenticationRequest();

         /** Generate a random ID */
         areq.setRequestID();

         /** Specify the resource we want to access... */
         areq.setResource(new URI("http://enterprise.starfleet.fed/captainlog"));

         /** Here we establish the authentication method (password) */
         areq.setAuthMethod(new URI("urn:oasis:names:tc:SAML:1.0:am:password"));

         /** We set the authenticating principal (username) */
         areq.setAuthenticatingPrincipal("jean-luc");

         /** We set the credentials (i.e. the password) */
         ArrayList<String> credentials = new ArrayList<String>();
         credentials.add("picard");
         areq.setCredentials(credentials);

         /** ... and now let's see how to send this request */

  8. EduGAINBase Usage Samples: Sending the Request Using a Requester

         /** We need an AuthenticationResponse object if we want to access
             directly the contents of the response */
         AuthenticationResponse aresp = new AuthenticationResponse();

         /** We create an authentication requester... */
         fsAuthenticationRequester fsar = new fsAuthenticationRequester();

         /** And we send the request (our requester will return us the response) */
         try {
             // Send the request and receive the convenient response in one step
             aresp = fsar.request(areq);
             // The requester has convenience methods for a more comfortable
             // access to the response
             if (fsar.isAuthenticated())
                 System.out.println("I know who you are...");
             else
                 System.out.println("I can't recognise you!");
         } catch (eduGAINException e) {
             // requester except.
         }

  9. EduGAINBase Usage Samples: Receiving the Request

         /** Load of data source into memory or connect to data source... */
         loadDataSourceFromFile();

         /** We need an AuthenticationResponse object, since we will build
             the response on top of it */
         AuthenticationResponse response = new AuthenticationResponse();

         /** A new responder is instantiated... (this can be an already running thread) */
         fsAuthenticationResponder responder = new fsAuthenticationResponder();

         /** Then we fetch a request from the responder */
         AuthenticationRequest request = (AuthenticationRequest) responder.fetchRequest();

         /** Now comes the interesting part: we build the response... */

  10. EduGAINBase Usage Samples: Creating the Response and Sending It Back

         /** Now we start building the response... */

         /** Set the InResponseTo field of the response */
         response.setInResponseTo(request.getRequestID());

         /** Build a result for the response (this example is quite dummy!) */
         /** The result starts as INVALID_CREDENTIALS and is only changed on a match */
         response.setResult(eduGAINResponse.EDUGAIN_NAMESPACE_RESULT_INVALID_CREDENTIALS);
         /** entries is not declared on the slides; it is assumed here to be
             the data loaded by loadDataSourceFromFile() */
         for (int i = 0; i < entries.size(); i++) {
             if (entries.get(i).getUser().equals(request.getAuthenticatingPrincipal())
                     && entries.get(i).getPassword().equals(request.getCredentials().get(0)))
                 response.setResult(eduGAINResponse.EDUGAIN_NAMESPACE_RESULT_ACCEPTED);
         }

         /** Try to send back the response using the responder */
         try {
             responder.respond(response);
         } catch (eduGAINException ex) {
             ex.printStackTrace();
         }

  11. Next Steps
     • Complete the library: SAML, XML signature, SOAP, TLS,...
     • Use the library for constructing an FPP
     • Use the library for constructing BEs
     • Plumb with existing fed software
     • Other application areas
     • Interact with the HLS
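
The credential check on slide 10 is described there as a dummy. The following added example (not part of the presentation or of the eduGAINBase code) shows a fail-closed form of the same check as stand-alone Java. The `Entry` and `Result` types and the `check` and `sameSecret` helpers are hypothetical stand-ins for library classes that the slides do not define.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/** Added example: hardened form of the slide 10 credential check. All names are hypothetical. */
public class CredentialCheckSketch {

    // Stand-in for the library's result constants, whose values the slides do not show.
    enum Result { ACCEPTED, INVALID_CREDENTIALS }

    // Hypothetical data-source entry (the slides only show getUser() and getPassword()).
    static final class Entry {
        final String user, password;
        Entry(String user, String password) { this.user = user; this.password = password; }
    }

    // Comparison that does not stop at the first differing byte, unlike String.equals().
    static boolean sameSecret(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    static Result check(List<Entry> entries, String principal, List<String> credentials) {
        // Fail closed: a missing principal or an empty credential list is a rejection,
        // not an IndexOutOfBoundsException thrown by get(0).
        if (principal == null || credentials == null || credentials.isEmpty()
                || credentials.get(0) == null) {
            return Result.INVALID_CREDENTIALS;
        }
        boolean ok = false;
        for (Entry e : entries) {
            // Non-short-circuit '&' and no early exit: every entry costs the same work.
            ok |= sameSecret(e.user, principal) & sameSecret(e.password, credentials.get(0));
        }
        return ok ? Result.ACCEPTED : Result.INVALID_CREDENTIALS;
    }

    public static void main(String[] args) {
        // Constructed sample data, reusing the values from slide 7.
        List<Entry> entries = Arrays.asList(new Entry("jean-luc", "picard"));
        System.out.println(check(entries, "jean-luc", Arrays.asList("picard")));         // matching pair
        System.out.println(check(entries, "jean-luc", Arrays.asList("riker")));          // wrong password
        System.out.println(check(entries, "jean-luc", Collections.<String>emptyList())); // no credential sent
    }
}
```

Like the slide, this still compares against plaintext passwords held in memory; a real data source would store salted password hashes and verify against those.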
