Details
-
Improvement
-
Status: To Do
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
At present we store user credentials un-encrypted in a mysql database behind the rest service.
We should move towards integration with existing user stores (LDAP) and applying secure SSO to each of the Metron user facing components.
Apache Knox provides SSO services aggregating and integrating other IDPs, and SSO authentication for a number of the other components in our stack. We should integrate our authentication with Knox.
Attachments
1.
|
Add Knox to Blueprints for full dev | In Progress | Simon Elliston Ball | |
2.
|
Move hosting of Alerts and Config UIs from Nodejs to Spring Boot | In Progress | Simon Elliston Ball | |
3.
|
Mpack updates for LDAP, SSO config and removal of JPA | In Progress | Simon Elliston Ball | |
4.
|
Remove the JPA and MySQL elements | In Progress | Simon Elliston Ball | |
5.
|
Remove login services and screens from UIs | In Progress | Simon Elliston Ball | |
6.
|
Create a Knox Service as SSL gateway | To Do | Unassigned | |
7.
|
Pass through of CSRF protection for proxied api calls | To Do | Unassigned | |
8.
|
Add users to role mapping for ldap based Metron REST | To Do | Unassigned | |
9.
|
Create an architecture document | To Do | Unassigned | |
10.
|
REST tests should use Embedded LDAP in metron-security | To Do | Ryan Merriman | |
11.
|
Front-end authentication simulation for development environments | To Do | Simon Elliston Ball |