SSHOC / sshoc-marketplace-backend

Code for the backend
Apache License 2.0

Implementing keycloak for AAI switch #374

Open KlausIllmayer opened 1 year ago

KlausIllmayer commented 1 year ago

We need to change the way the AAI is implemented, as the current approach will be deprecated sometime in the future due to changes in the AAI policy. It is necessary to run the AAI via one of the ERICs/EOSC cluster projects. The plan is to use the DARIAH AAI. This needs some adaptations on the server architecture side, where we would like to use Keycloak. This also means that some adaptations to the backend code will be necessary (look especially at the code under the security section here: https://github.com/SSHOC/sshoc-marketplace-backend/blob/develop/src/main/resources/application.yml). @tparkola Do you see any chance that you or someone from your team could get in contact with @dpancic to discuss the changes and implement them? Maybe the implementation of Keycloak in DACE could go hand in hand with this change here?

Adding @vronk to the discussion.

acdh-ch commented 1 year ago

Keycloak does not support SAML IDP discovery (search) like the EOSC Master portal implementation that is now used by the SSHOC marketplace. I am not sure if Keycloak is the right solution?

tparkola commented 1 year ago

Before we start analysing options (e.g. Keycloak), let's see what the possibilities of DARIAH AAI itself are, and then we can decide. If you provide a link to the documentation of DARIAH AAI, then I can check.

KlausIllmayer commented 1 year ago

That would be great if you could have a look. Here is the link to the documentation: https://wiki.de.dariah.eu/display/publicde/DARIAH+AAI+Documentation

acdh-ch commented 1 year ago

DARIAH AAI is based on the SAML protocol, and that means that the app should be configured to use Shibboleth. In the SSHOC Marketplace case, that means integrating Shibboleth SP with Spring-boot. Documentation: https://shibboleth.atlassian.net/wiki/spaces/SHIB2/pages/2577072431/NativeSPJavaInstall