
Implement a SAML 2.0 service provider (SP) into mscolab : GSOC 2023

Nilupul Manodya edited this page Nov 4, 2023 · 6 revisions

Student : Nilupul Manodya

Organisation : Python Software Foundation

Sub-Organisation : Mission Support System (MSS)

Mentors : Reimar Bauer, Matthias Riße, Jörn Ungermann, Christian Rolf, Sonja Gisinger

You can check out my weekly blogs on the python-gsoc website and my proposal!

Project Details


The Mission Support System simplifies the planning of scientific flights that measure atmospheric parameters. It supports research aircraft carrying diverse data acquisition instruments from various institutions; these measurements improve the understanding of atmospheric processes, which is crucial for climate change research and for tracking ozone hole recovery. MSS uses model simulations to guide flight planning, taking into account constraints such as altitude, temperature and flight permissions. The primary goal of my project was to enable seamless integration of the MSS collaboration server (mscolab) with existing identity providers using SAML 2.0 authentication. This involved implementing a service provider (SP) on the server side and integrating the resulting login flow into the Qt client application.

Development


  • Implemented SAML 2.0 Authentication.

    • Set up an Identity Provider (IdP) for testing purposes.
    • Configured the MSS collaboration server as a SAML service provider (SP) to enable Single Sign-On (SSO).
    • Integrated SAML-based authentication into the QT client application, allowing users to authenticate via a browser login process.
    • Implemented error handling and logout functionality in the client application for a seamless user experience.
  • Integration with Existing Identity Providers.

    • Integrated the collaboration server with established identity providers like Keycloak using their SAML metadata files.
    • Customized the user experience by modifying login pages and error pages based on IdP specifications.
  • Server-Side Configuration.

    • Collaborated with mentors to deploy the project on a remote server and to provide its SP metadata to the IdP side, so that the Single Sign-On (SSO) exchange could be configured end to end.
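Integrating with an IdP through its SAML metadata, as described in the two points above, comes down to reading a handful of fields from the IdP's EntityDescriptor (entity ID, SSO endpoint, signing certificate) and handing the IdP the SP's own metadata in return. The following Python is an added example and not mscolab's own code (the project relies on a SAML library for this step; the library's behaviour is not reproduced here). It parses a constructed IdP metadata document shaped like a Keycloak realm export, refuses metadata that describes no IdP or carries no signing certificate, and builds the minimal SP metadata with WantAssertionsSigned set. All entity IDs, URLs and the certificate value are placeholders.

```python
# Added illustration, not mscolab's code. Entity IDs, URLs and the certificate are placeholders.
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample, shaped like the metadata Keycloak exports for a realm.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/realms/mss">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...placeholder-base64...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/realms/mss/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.org/realms/mss/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/realms/mss/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


@dataclass
class IdpConfig:
    entity_id: str
    sso_url: str            # where the SP sends its AuthnRequest (HTTP-Redirect binding)
    slo_url: Optional[str]  # where the SP sends LogoutRequests, if the IdP offers it
    signing_certs: List[str] = field(default_factory=list)  # base64 DER, whitespace stripped


def _endpoint(desc: ET.Element, name: str, binding: str) -> Optional[str]:
    for ep in desc.findall(f"md:{name}", NS):
        if ep.get("Binding") == binding:
            return ep.get("Location")
    return None


def parse_idp_metadata(xml_text: str) -> IdpConfig:
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor" or "entityID" not in root.attrib:
        raise ValueError("not a SAML EntityDescriptor with an entityID")
    desc = root.find("md:IDPSSODescriptor", NS)
    if desc is None:  # e.g. someone handed us SP metadata by mistake
        raise ValueError("metadata has no IDPSSODescriptor; it does not describe an IdP")
    sso = _endpoint(desc, "SingleSignOnService", REDIRECT)
    if sso is None:
        raise ValueError("IdP offers no HTTP-Redirect SingleSignOnService")
    certs: List[str] = []
    for kd in desc.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' serves both purposes
            continue
        certs += ["".join((c.text or "").split()) for c in kd.findall(".//ds:X509Certificate", NS)]
    if not certs:  # without a signing cert the SP could never verify a Response, so refuse the config
        raise ValueError("IdP metadata carries no signing certificate")
    return IdpConfig(root.attrib["entityID"], sso, _endpoint(desc, "SingleLogoutService", REDIRECT), certs)


def describes_idp(xml_text: str) -> bool:
    try:
        parse_idp_metadata(xml_text)
        return True
    except ValueError:
        return False


def build_sp_metadata(entity_id: str, acs_url: str, sls_url: Optional[str] = None) -> str:
    """SP metadata for the IdP admin to import; WantAssertionsSigned makes the signature mandatory."""
    ET.register_namespace("md", MD)
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", AuthnRequestsSigned="false",
                       WantAssertionsSigned="true",
                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    if sls_url:  # child order follows the metadata schema: SLO, NameIDFormat, ACS
        ET.SubElement(sp, f"{{{MD}}}SingleLogoutService", Binding=REDIRECT, Location=sls_url)
    ET.SubElement(sp, f"{{{MD}}}NameIDFormat").text = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", Binding=POST, Location=acs_url,
                  index="0", isDefault="true")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    idp = parse_idp_metadata(IDP_METADATA)
    print(f"IdP {idp.entity_id}: SSO at {idp.sso_url}, {len(idp.signing_certs)} signing cert(s)")
    print(build_sp_metadata("https://mscolab.example.org/metadata/", "https://mscolab.example.org/acs/"))
```

The refusal on a missing signing certificate is deliberate: an SP configured from such metadata would accept any Response if the library then falls back to "no key, no check", so it is better to fail at configuration time than at login time.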

Documentation

Created developer and user documentation covering the integration process and usage guidelines.

  1. Documentation for configuring the MSColab server with the testing IdP for SSO can be found here.
  2. The SSO via SAML integration guide for the MSColab server can be found here.

Final Outcome


The project is now at a functional state, allowing users to authenticate via SAML 2.0 with various identity providers. The authentication flow has been successfully implemented both on the server side and within the QT client application.

Demonstration


A demo video covering important features of mscolab can be viewed here.

Code Merges


All the implemented features and changes have been merged into the GSOC2023-NilupulManodya branch of the Open-MSS repository. The collaboration server on that branch now includes the SAML 2.0 authentication module.

The following is a table for all the Pull Requests that merged into the branch GSOC2023-NilupulManodya.

   Code Contributions                                                          Link to the relevant PR
   Setting up a service provider and an identity provider for local testing   https://github.com/Open-MSS/MSS/pull/1809
   UI improvements of the Qt client application                                https://github.com/Open-MSS/MSS/pull/1813
   MSS web browser implementation for local testing                            https://github.com/Open-MSS/MSS/pull/1814
   Configuring the MSColab server for SSO                                      https://github.com/Open-MSS/MSS/pull/1818
   Improving MSColab for multiple IdP configurations                           https://github.com/Open-MSS/MSS/pull/2043
   Documentation for the SSO implementation                                    https://github.com/Open-MSS/MSS/pull/2064
   Other minor developments                                                    https://github.com/Open-MSS/MSS/pull/1811
                                                                               https://github.com/Open-MSS/MSS/pull/2061
                                                                               https://github.com/Open-MSS/MSS/pull/2063
                                                                               https://github.com/Open-MSS/MSS/pull/2066
                                                                               https://github.com/Open-MSS/MSS/pull/2068

Future Scope


While the core functionality is in place, a few tasks remain:

  1. Improve the functional test cases for the developed project by raising test coverage.
  2. Enhanced error handling: further refine the error handling to cover edge cases and give users informative feedback.
  3. Optimization and performance: conduct performance testing and optimize the authentication process.
  4. IdP responses vary with how a particular IdP is configured; handling the responses of a specific IdP may require IdP-specific code.
  5. In the current approach, the client switches to token-based authentication after the user has logged in through the IdP in the browser. This hand-off could be improved with web polling to provide a smoother user experience.
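Whatever the IdP and however its responses differ in shape, the checks an SP must apply to a SAML Response before trusting the login are the same, and they are where most SSO bugs hide: Destination, Status, InResponseTo, Issuer, the Conditions time window, the Audience restriction and the bearer SubjectConfirmationData, each checked before the outstanding request ID is consumed. The following Python is an added example and not mscolab's own code; the entity IDs, URLs and the Response itself are constructed, and XML signature verification is assumed to have been performed by the SAML library before this step (nothing here replaces it).

```python
# Added illustration, not mscolab's code. XML-DSig signature verification is assumed
# to have run before this step (the SAML library does it); nothing here replaces it.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Set

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Hypothetical SP and IdP identities; the response below is a constructed sample.
SP_ENTITY_ID = "https://mscolab.example.org/metadata/"
ACS_URL = "https://mscolab.example.org/acs/"
IDP_ENTITY_ID = "https://idp.example.org/realms/mss"
T_VALID = datetime(2023, 11, 4, 12, 2, tzinfo=timezone.utc)  # inside the Conditions window
T_LATE = datetime(2023, 11, 4, 13, 0, tzinfo=timezone.utc)   # well past NotOnOrAfter

SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_resp1"
    Version="2.0" IssueInstant="2023-11-04T12:01:00Z" Destination="{ACS_URL}" InResponseTo="_req123">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2023-11-04T12:01:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="_req123" NotOnOrAfter="2023-11-04T12:10:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2023-11-04T12:00:00Z" NotOnOrAfter="2023-11-04T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


class SamlValidationError(Exception):
    pass


def _ts(value: str) -> datetime:  # SAML times are UTC ISO 8601 ending in Z; fractional seconds dropped
    return datetime.strptime(value.split(".")[0].rstrip("Z"), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def validate_response(xml_text: str, *, sp_entity_id: str, acs_url: str, idp_entity_id: str,
                      outstanding: Set[str], now: datetime, skew: timedelta = timedelta(minutes=3)) -> Dict[str, str]:
    """Return NameID and attributes once every check passes; raise SamlValidationError otherwise.
    `outstanding` holds the AuthnRequest IDs this SP issued and has not yet consumed."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise SamlValidationError("not a samlp:Response")
    if root.get("Destination") != acs_url:  # a response minted for another endpoint is not ours
        raise SamlValidationError("Destination does not match our ACS URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise SamlValidationError("IdP reported a non-success status")
    req_id = root.get("InResponseTo")  # rejects unsolicited responses and replays of consumed ones
    if req_id not in outstanding:
        raise SamlValidationError("InResponseTo does not match an outstanding AuthnRequest")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # zero means EncryptedAssertion (decrypt first) or nothing to trust
        raise SamlValidationError(f"expected exactly one plaintext Assertion, got {len(assertions)}")
    a = assertions[0]
    if (a.findtext("saml:Issuer", default="", namespaces=NS) or "").strip() != idp_entity_id:
        raise SamlValidationError("Assertion Issuer is not the configured IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("Assertion carries no Conditions")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + skew < _ts(nb):
        raise SamlValidationError("Assertion is not yet valid")
    if noa and now - skew >= _ts(noa):
        raise SamlValidationError("Assertion has expired")
    audiences = [(e.text or "").strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise SamlValidationError("Audience restriction does not name this SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None:  # bearer confirmation must agree with the response-level fields
        if scd.get("Recipient", acs_url) != acs_url or scd.get("InResponseTo", req_id) != req_id:
            raise SamlValidationError("SubjectConfirmationData does not match this SP or request")
        if scd.get("NotOnOrAfter") and now - skew >= _ts(scd.get("NotOnOrAfter")):
            raise SamlValidationError("SubjectConfirmation has expired")
    outstanding.discard(req_id)  # consume the request ID only after everything passed
    result = {"NameID": (a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS) or "").strip()}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        result[attr.get("Name", "")] = ",".join(v.text or "" for v in attr.findall("saml:AttributeValue", NS))
    return result


def validation_error(xml_text: str, **kwargs) -> Optional[str]:
    """Same checks, returning the failure message (or None on success) instead of raising."""
    try:
        validate_response(xml_text, **kwargs)
        return None
    except SamlValidationError as exc:
        return str(exc)
```

Two design points: the clock skew of three minutes is an assumed allowance for drift between IdP and SP, to be set per deployment; and the request ID is removed from the outstanding set only after the last check, so that a Response which fails late (for example on the Audience) does not burn the ID and lock the user out of the legitimate retry, while a Response that passes can never be accepted twice.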

Acknowledgments


I want to express my deepest gratitude to my mentors Reimar Bauer, Matthias Riße, Jörn Ungermann, Christian Rolf, and Sonja Gisinger for their invaluable support and guidance throughout this project. Their expertise and encouragement were instrumental in overcoming challenges and achieving the project's objectives. Their timely feedback and insightful suggestions significantly contributed to the project's success.

I also want to acknowledge Google for organizing the Google Summer of Code program for providing me with this incredible opportunity. GSoC has been a transformative experience, allowing me to work on a real-world project, learn from experienced mentors, and contribute meaningfully to the open-source community. I also want to acknowledge the Python Software Foundation, the main organization of this GSoC project, for giving me the ability to work on this project.

The project's codebase and comprehensive documentation are now available for use and further enhancement. I am enthusiastic about any feedback and suggestions from the community, which will help refine the project and provide a more robust authentication solution for MSS users. Thank you for your support. The future of seamless, secure authentication in the MSS collaboration server awaits! I hope you will enjoy it :)