OpenID Connect Client Registration API for Federated Cloud Platforms


dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Küpper, Axel
dc.contributor.advisor Slawik, Mathias
dc.contributor.author Berdonces Bonelo, Erik
dc.date.accessioned 2017-06-13T07:41:58Z
dc.date.available 2017-06-13T07:41:58Z
dc.date.issued 2017-06-12
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/26775
dc.description.abstract Nowadays, information technology is a key driver in our world. Big cloud federations are aiming to increase their computing power and achieve better results while being scalable. These huge IT systems are managed by multiple users having different roles and, at the same time, automation of new service deployment is needed to cope with the rising need for resources. This flexibility in deployment has created concerns about the security and the maintainability of these extensive systems. These requirements have led to the start of the CYCLONE platform, a project focused on providing authentication and authorization services for services running under the control of federated unions of users. CYCLONE, at the moment working as a proof of concept, now allows users of one-click-deployment applications to be authenticated and authorized against their federation’s credentials. However, actual SSO systems require registration of the services against their Identity Providers in order to provide user validation. In this master thesis, we present two of the components of CYCLONE. The first one is a service registration for clients of the OpenID Connect Single Sign-On protocol that allows newly deployed services to be registered automatically against CYCLONE’s SSO component, using RedHat’s Keycloak authentication solution. Based on the real-world scenarios that defined the CYCLONE platform, we have designed and implemented a solution alternative to the ones provided by Keycloak, and to evaluate it we have compared it to Keycloak’s alternatives. As a result, we have created a simple API implementation from which it is possible to track who is executing these registrations of new clients, in comparison to the anonymous ones provided by other solutions. The second one is a module that allows easy SSH authorization through the use of CYCLONE’s SSO backend as identity provider and that has been evaluated and tested by one of CYCLONE’s use cases. en
dc.format.extent 62
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.title OpenID Connect Client Registration API for Federated Cloud Platforms en
dc.type G2 Pro gradu, diplomityö fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.subject.keyword cyclone en
dc.subject.keyword OpenID connect en
dc.subject.keyword keycloak en
dc.subject.keyword PAM en
dc.subject.keyword SSH en
dc.subject.keyword federation en
dc.identifier.urn URN:NBN:fi:aalto-201706135534
dc.programme.major Distributed Systems and Services en
dc.programme.mcode SCI3021 fi
dc.type.ontasot Master's thesis en
dc.type.ontasot Diplomityö fi
dc.contributor.supervisor Heljanko, Keijo
dc.programme Master's Programme in ICT Innovation fi
dc.ethesisid Aalto 9505
dc.location P1

