The FEderated User Deployment portAL (FEUDAL) is a system for the deployment of user accounts into the local user management systems of multiple (federated) resources. FEUDAL fills the gap between federated users and "legacy" services that require the creation of user accounts in a service (and often the placement of credentials such as ssh-keys) before a user may log in.
FEUDAL main components
- Web-Portal: The frontend that allows users to interact with the system. The portal allows authentication with OpenID-Connect (OIDC), typically deployed behind an SP-IdP-Proxy. The portal is written in angular/js.
The portal shows a list of Virtual Organisations (VOs), including all the services that are enabled to make use of FEUDAL.
- Backend: The backend organises communication and stores all state.
- Clients: The clients are installed at the participating sites. Clients inform the backend about which services they provide and which VOs are supported. Clients receive deployment requests from the backend that they pass on to the local user management system using adaptors. These adaptors give the local site administrator the opportunity to control and adapt the creation of user accounts.
FEUDAL's key features are
- Realtime deployment: Users receive instant (~1s) feedback on the status of their deployment. We use http sockets with RabbitMQ to push information.
- Asynchronous deployment: If a site is down for a while, FEUDAL will make sure that all deployments are retransmitted once the site is back up.
- Future deployments: If a "new" site joins the VO (or a new VM is started), FEUDAL can send all deployments for the supported VO.
- Full control integration: FEUDAL uses "call-outs" (that system admins provide) to provision / modify / deprovision users. This gives full control to the admin and ensures that every user-management-system (e.g. LDAP) can be supported.
- FEUDAL passes the unmodified userinfo object (from the OIDC-Provider), augmented with some additional information, to the user-management-adaptors.
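Because the adaptors receive the userinfo object unmodified, the site-side call-out is where claims and keys have to be validated before any local account is touched. The following is an added example, not FEUDAL's own code: the request layout, the field names (`action`, `vo`, `ssh_keys`), the policy sets and the `fed_` username scheme are all assumptions, since the page does not specify the adaptor interface.

```python
import base64, hashlib, json

# Site policy chosen by the local admin (all values are assumptions).
ACTIONS = {"provision", "modify", "deprovision"}
SUPPORTED_VOS = {"example-vo"}
TRUSTED_ISSUERS = {"https://idp.example.org"}
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def local_username(iss, sub):
    """Fixed-alphabet account name from (iss, sub), not from a free-text claim."""
    return "fed_" + hashlib.sha256(f"{iss}\n{sub}".encode()).hexdigest()[:16]

def normalise_ssh_key(line):
    """Return 'type base64' or None. Option prefixes and comments are dropped,
    and the decoded blob must name the same key type as the text field."""
    parts = line.split() if isinstance(line, str) else []
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return None
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    name = parts[0].encode()
    if blob[:4 + len(name)] != len(name).to_bytes(4, "big") + name:
        return None
    return f"{parts[0]} {parts[1]}"

def plan(request_json):
    """Decide what the local user management system may be asked to do."""
    req = json.loads(request_json)
    info = req.get("userinfo") or {}
    if req.get("action") not in ACTIONS:
        return {"ok": False, "reason": "unknown action"}
    if req.get("vo") not in SUPPORTED_VOS:
        return {"ok": False, "reason": "VO not supported at this site"}
    iss, sub = info.get("iss"), info.get("sub")
    if iss not in TRUSTED_ISSUERS or not isinstance(sub, str) or not sub:
        return {"ok": False, "reason": "untrusted issuer or missing sub"}
    keys = [k for k in map(normalise_ssh_key, req.get("ssh_keys") or []) if k]
    return {"ok": True, "action": req["action"],
            "username": local_username(iss, sub), "ssh_keys": keys}

# Constructed sample request; the layout is hypothetical.
SAMPLE_BLOB = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)).decode()
SAMPLE_REQUEST = json.dumps({
    "action": "provision", "vo": "example-vo",
    "userinfo": {"iss": "https://idp.example.org", "sub": "a1b2c3"},
    "ssh_keys": [f"ssh-ed25519 {SAMPLE_BLOB} alice@laptop",
                 f'command="/bin/sh" ssh-ed25519 {SAMPLE_BLOB}'],
})
```

`plan(SAMPLE_REQUEST)` keeps the first key without its comment and drops the second, which carries an `authorized_keys` option prefix.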
Public Test Instance
The following features will be added by the end of 2018:
- Deprovisioning via REST call / polling
- Provisioning via REST call