AuthN and AuthZ with PSI #8

Open
pozsa opened this issue Nov 15, 2021 · 2 comments
Labels
question Further information is requested

Comments

pozsa commented Nov 15, 2021

We want to use a publicly available auth option from PSI.

pozsa added the help wanted and question labels Nov 15, 2021

pozsa commented Nov 18, 2021

The usual way to hook up external applications to PSI authentication is through SWITCHaai, and adding psi.ch DNS entries happens through the ICT networks team.

SWITCHaai supports SAML2. At the moment the service managers at PSI are responsible for managing their SPs. At the moment there is no such thing as central support for SAML2 SPs.

pozsa commented Jan 21, 2022

We are going to use a Keycloak instance as an auth server that is hooked up to PSI SAML.
The public frontend will use PKCE to get an access token from the auth server. The backend will get the JWK set from the auth server and decode the access token to check validity.
This will cover our authn needs.

We'll discuss authz requirements a bit later.

pozsa removed the help wanted label Feb 4, 2022