Authentication and authorisation infrastructure

Authorisation and authentication processes are a key component of any modern informatics system. Nowadays most online systems require personalisation or restriction of the output data depending on the user identity or permissions. This deliverable tackles the problem of authorising and authenticating users inside of the FNS-Cloud research cloud. 

The deliverable starts with the introduction to the topic and explanation on why the most common approach of shipping local authorisation and authentication (AAI) solution is not suitable for research clouds. Then, a solution is proposed – integration of an AAI into the FNS-Cloud. While AAI can have many meanings and definitions, in this case it’s a central user identity provider, from which application providers can obtain FNS-Cloud members identities. Additionally, the possibility of connecting to other research clouds via federation is discussed, although that is an ongoing effort. 

After proposing the solution, then research is carried out to find and compare software that can be utilised in creating such an infrastructure. It is worth noting that in order to reduce maintenance costs only software which is open-source and free to use was considered in this deliverable. After the evaluation and discussion between FNS-Cloud project technical beneficiaries an open-source identity and access management solution Keycloak was selected and implemented as the base of the proposed AAI system. Additionally, this deliverable provides a manual for application developers on how to integrate with the FNS Cloud AAI.