--- ## Authentication and Authorization Service Update 6/3/2019 --- #### Alpha core components - SSO server - Users portal - Application portal - Service data model (REST API) --- #### Users Portal: [cern.ch/users-portal](https://cern.ch/users-portal) <video src="https://espace.cern.ch/authorization-service/SiteAssets/Users_Portal.mp4" controls="controls" style="width:600px;"></video> --- #### Applications Portal: [cern.ch/application-portal](https://cern.ch/application-portal) <video src="https://espace.cern.ch/authorization-service/SiteAssets/App_Portal.mp4" controls="controls" style="width:600px;"></video> --- #### [Attribute Viewer application](https://oidc-attribute-viewer.cern.ch) <video src="https://espace.cern.ch/authorization-service/SiteAssets/Attr_Viewer.mp4" controls="controls" style="width:600px;"></video> --- #### eduGAIN Integration <video src="https://espace.cern.ch/authorization-service/SiteAssets/eduGAIN_Login.mp4" controls="controls" style="width:600px;"></video> --- #### FreeIPA - New fellow started in March - Important progress on hosts registration workflow - Thanks to Julien & Thomas - See [MAlt IAM: FreeIPA Functional Design](https://codimd.web.cern.ch/s/BkpLBppXE) - FreeIPA can replace Active Directory --- #### Alpha testing - **Joni Herttuainen**, API to access RBAC through SSO: SAML - **Axel Naumann & Oksana Shadura**, Root: OAuth2, GitHub - **Manuel Alvarez Alvarez**, FAP-BC: Oauth2 for mobile applications - **Luis Rodriguez Fernandez**, IT-DB: SAML - **Anthony Raanui Baschenis**: Java-based client - **Ricardo Rocha**: OAuth2 - **Eduardo Alvarez Fernandez & Sebastian Bukowiec**, IT-CDA: OAuth2 --- ### What's next - Setup an initial synchronization mechanism for users and (some) groups - Alpha testing with real applications - Groups functionality in the new data model - Collaboration with AIS for knowledge transfer and dynamic functionality - Define token format and policies --- # Questi<i class="fa fa-question-circle " aria-hidden="true"></i>ns ---