Create JWT-based authentication/authorization security manager plugin

Description

Features:

  • Work within existing username/password credential process.

  • Work within existing session management.

  • Work within existing platform permissions scheme.

  • Consume JWT tokens designating authorizations as claims. Tokens should be validated according to OpenID Connect specification. All recommended signing algorithms will be supported.

  • Support concept of short-lived tokens with automatic refresh.

  • Support all platform feature permissions.

  • Support file and workunit scope permissions.

View permissions are a nice-to-have. If not implemented, they will default to full access.

The plugin will require an external service endpoint for providing authentication services (via username/password) and returning a valid, signed JWT token. Another service will need to advertise an endpoint that handles automatic token refreshes. The presumption is that an integrated service providing a UI for setting permissions will also be available.
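The validation order the description implies (algorithm allow-list, signature, issuer, audience, expiry, then a refresh hint for short-lived tokens), as an added Python sketch that is not the plugin's code. It uses HS256 with a shared secret so it runs on the standard library alone; a deployment using an asymmetric algorithm would verify against the issuer's public key instead. The `perms` claim, `SomeFeature`, the issuer URL, the audience value and the 60-second refresh window are hypothetical.

```python
import base64, hashlib, hmac, json, time

ALLOWED_ALGS = {"HS256": hashlib.sha256}  # explicit allow-list; "none" is never accepted

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes) -> str:
    """Stand-in for the external auth service: emit a constructed HS256 token."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(mac)}"

def validate(token, key, issuer, audience, now=None, refresh_window=60):
    """Return (claims, needs_refresh); raise ValueError on any failed check."""
    now = time.time() if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(c64))
        sig = b64url_decode(s64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and claims must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    alg = header.get("alg")
    digest = ALLOWED_ALGS.get(alg) if isinstance(alg, str) else None
    if digest is None:
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{h64}.{c64}".encode(), digest).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")  # OIDC allows a single string or a list
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired")
    return claims, (exp - now) <= refresh_window  # True: refresh before it lapses

if __name__ == "__main__":
    key = b"constructed-demo-secret"  # constructed sample values throughout
    tok = issue({"iss": "https://auth.example", "aud": "esp", "sub": "alice",
                 "exp": int(time.time()) + 300, "perms": {"SomeFeature": "Read"}}, key)
    print(validate(tok, key, "https://auth.example", "esp"))
```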

Conclusion

None

Activity

Dan Camper September 9, 2020 at 4:14 PM

Initial PR will:

  • Support user authentication via username/password (what we have now)

  • Support all feature permissions in legacy config mode

  • Support file scope permissions in legacy config mode

  • Support workunit scope permissions in legacy config mode

  • Token refresh

User authentication, feature permissions, and workunit scope permissions are supported in stand-alone esp applications. Container support for the plugin will be provided in a later Jira.

This plugin requires a custom external service to authenticate users and emit a token compatible with OpenID Connect standards. The HPCC Solutions Lab is finalizing such a service, including a web-based admin UI.

Dan Camper August 5, 2020 at 7:56 PM

FYI

Fixed

Created August 5, 2020 at 7:52 PM
Updated October 20, 2020 at 8:26 AM
Resolved October 20, 2020 at 8:26 AM