Native login implementation

Background: sso-provider is a Rails app that provides an OAuth2 interface to OAuth2, LDAP, and local password database backends. It has some problems:
  • high maintenance cost
  • high admin cost (install/upgrade/troubleshoot)
  • unnecessary extra steps in login flow
Proposal:
  • Implement the backends in arvados-controller (instead of proxying to RailsAPI and redirecting to sso-provider)
  • During transition phase, continue to support sso-provider as a backend
Development/release roadmap:
  1. Add Google (OpenID Connect) backend as an alternative to sso-provider
  2. Add LDAP backend as another alternative
  3. Add password database backend -- or, alternatively, suggest installing an LDAP server
  4. Remove sso-provider backend
Implementation notes: