Skip to content
A User Management Integration Guide for NextGEOSS
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
images
README.md
client_implementation.adoc
dev_resources.adoc
dynamic_registration.adoc
general_view.adoc
service_implementation.adoc

README.md

NextGEOSS User Management Integration Guide

Table of Contents

  1. Introduction
  2. General View
    1. Authentication Flows
    2. Client Authentication
    3. Request Endpoints for Authentication
  3. Implementation on the Client Side
    1. Registration
    2. Implementation Solutions
  4. Implementation on the Service Side
  5. Resources for Developers

Introduction

The NextGEOSS User Management (UM) Service provides users with Single-Sign-On (SSO) authentication for accessing GEOSS data and services in a federated environment. In summary, the GEOSS UM Service demonstrates the following functionalities:

  • Allow registration of users into a community (targeting the GEO/GEOSS community) and managing related user 'identity' information (user name, family name, email, telephone number, gender, ...);
  • Allow registration directly via an existing social network login (from a user account on Google, Twitter, Facebook, ...) by importing that user 'identity' information;
  • Allow authentication and authorization mechanisms towards acknowledged third-party services (targeting GEO/GEOSS services), based on user credentials defined at the level of the NextGEOSS UM Service;
  • Allow registration of GEO/GEOSS services or applications (i.e. data harvesting, discovery, access, processing) that shall be subject to the definition of authentication and authorization mechanisms within the NextGEOSS UM Service.
  • Provide SSO capability that enables a registered user to log in once, and access multiple GEO/GEOSS applications where the user signed-up already, without being required to authenticate for each application separately.
  • Allow integration of other SSO systems (handled as identity providers, similarly to the handling of social network providers) in order to provide to existing EO data users a federation of GEO/GEOSS resources (e.g. ESA-https://eo-sso-idp.eo.esa.int, NASA-https://urs.earthdata.nasa.gov/). These systems could be based on different protocols: OpenID Connect, SAML2, Oauth2, ....

The NextGEOSS UM Service is based on OpenID Connect (OIDC) for authentication and UMA for the single-point authorization management allowing integration of social network login (Google, Twitter, Facebook, ...) and other SSO systems to provide a federation (ESA, NASA). Those SSO systems could be based on different protocols: OpenID Connect, SAML2 and OAuth2 integrated through proxies.

This version of the user guide is focusing on the processes to register and integrate NextGEOSS client services or applications (i.e. data harvesting, discovery, access and processing), and leverages the authentication based on OIDC protocol, and the authorization mechanisms based on OIDC scopes or UMA protocol.

You can’t perform that action at this time.