Native login implementation

Background: sso-provider is a Rails app that provides an OAuth2 interface to OAuth2, LDAP, and local password database backends. It has some problems:
- high maintenance cost
- high admin cost (install/upgrade/troubleshoot)
- unnecessary extra steps in login flow

- Implement the backends in arvados-controller (instead of proxying to RailsAPI and redirecting to sso-provider)
- During transition phase, continue to support sso-provider as a backend
- Add Google (OpenID Connect) backend as an alternative to sso-provider
- Add LDAP backend as another alternative
- Add password database backend -- or, alternatively, suggest installing an LDAP server
- Remove sso-provider backend

- https://godoc.org/golang.org/x/oauth2/google, https://godoc.org/golang.org/x/oauth2, https://github.com/coreos/go-oidc
- https://github.com/korylprince/go-ad-auth wraps ldap to make ActiveDirectory easier -- perhaps we would offer an ActiveDirectory backend as well as a generic LDAP backend?

- Controller will probably need to access the sso-provider's database in order to discover the upstream provider IDs for existing users.