Native login implementation¶
Background: sso-provider is a Rails app that provides an OAuth2 interface to OAuth2, LDAP, and local password database backends. It has some problems:
- high maintenance cost
- high admin cost (install/upgrade/troubleshoot)
- unnecessary extra steps in login flow
Proposal:
- Implement the backends in arvados-controller (instead of proxying to RailsAPI and redirecting to sso-provider)
- During transition phase, continue to support sso-provider as a backend
Development/release roadmap:
- Add Google (OpenID Connect) backend as an alternative to sso-provider
- Add LDAP backend as another alternative
- Add password database backend -- or, alternatively, suggest installing an LDAP server
- Remove sso-provider backend
Implementation notes: