OpenID Connect Client Registration API for Federated Cloud Platforms

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Küpper, Axel
dc.contributor.advisor: Slawik, Mathias
dc.contributor.author: Berdonces Bonelo, Erik
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.supervisor: Heljanko, Keijo
dc.date.accessioned: 2017-06-13T07:41:58Z
dc.date.available: 2017-06-13T07:41:58Z
dc.date.issued: 2017-06-12
dc.description.abstract: Nowadays, information technology is a key driver in our world. Big cloud federations are aiming to increase their computing power and achieve better results while being scalable. These huge IT systems are managed by multiple users having different roles and, at the same time, new services deployment automation is needed to be able to cope with the rising need of resources. This flexibility in deployment has created concerns on the security and the maintainability of these extensive systems. These requisites have led to the start of the CYCLONE platform, a project focused on providing authentication and authorization services towards services running under control of federated unions of users. CYCLONE, at the moment working as a proof of concept, now allows to authenticate and authorize access to users using one-click-deployment applications against their federation’s credentials. However, actual SSO systems require registration of the services against their Identity Providers in order to provide user validation. In this master thesis, we present two of the components of CYCLONE. The first one is a service registration for clients of the OpenID Connect Single Sign-On protocol that allows newly deployed services to be registered automatically against CYCLONE’s SSO component, using RedHat’s Keycloak authentication solution. Based on the real world scenarios that defined the CYCLONE platform, we have designed and implemented a solution alternative to the ones provided by Keycloak, and to evaluate it we have compared it to Keycloak’s alternatives. As a result we have created a simple API implementation from where it’s possible to track who is executing these registrations of new clients, in comparison to the anonymous ones provided by other solutions. The second one is a module that allows easy SSH authorization through the use of CYCLONE’s SSO backend as identity provider and that has been evaluated and tested by one of CYCLONE’s use cases. [en]
dc.ethesisid: Aalto 9505
dc.format.extent: 62
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/26775
dc.identifier.urn: URN:NBN:fi:aalto-201706135534
dc.language.iso: en [en]
dc.location: P1
dc.programme: Master's Programme in ICT Innovation [fi]
dc.programme.major: Distributed Systems and Services [en]
dc.programme.mcode: SCI3021 [fi]
dc.subject.keyword: cyclone [en]
dc.subject.keyword: OpenID connect [en]
dc.subject.keyword: keycloak [en]
dc.subject.keyword: PAM [en]
dc.subject.keyword: SSH [en]
dc.subject.keyword: federation [en]
dc.title: OpenID Connect Client Registration API for Federated Cloud Platforms [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]

Files

Original bundle

Name: master_Berdonces_Bonelo_Erik_2017.pdf
Size: 1.5 MB
Format: Adobe Portable Document Format