NIST SSO

[nutjob4life]

Next steps:

1. Use NIST SSO auth provider
2. Authorization at the LabCAS backend level
3. Different user roles for data sharing etc
4. Update ports to avoid cross origin issues in docker
5. Provide simple NIST auth service
6. Set up certs on the NIST servers
7. Discuss about Federation of SSO for authentication if external collaboration is considered

[yuliujpl]

@nutjob4life , from a sequencing perspective, would you need me to update the UI first or should I wait for the backend api? Also, curious how we would even test/evaluate if it works given we don't have access...

[nutjob4life]

@yuliujpl good question! Maybe both? The login workflow requires the UI to be able to redirect to NIST's SSO page and then accept a redirection back—and the backend requires an update to analyze the JWT received from NIST's SSO and take appropriate steps for authorization—which means it also needs APIs for its rudimentary username/group management features.

Regardless, I think we need to wait for Deoyani's updated prototype code. I believe she said something about a pared-down or simplified demo that we were supposed to work against, right?