Architecture

In this section we would like to emphasize some of the core parts of the application and describe their inner-workings.

About login process

The program uses the WebSSO support provided by Openstack, whenever the support has been implemented. At minimum the program requires the Openstack instance that it’s supposed to be used with to implement the federated authentication, in which the non-WebSSO token delivery method can be used.

A collection of links to provide a recap of the things necessary to know about Openstack WebSSO implementation:

• Federated authentication API in Openstack

• WebSSO details conveniently explained (or how it works in the OS Horizon dashboard)

• Openstack Horizon dashboard WebSSO guide

The login process follows an almost ordinary process of federated authentication with SAML, but that is something we don’t need to concern ourselves with – Openstack identity API takes care of that. The manual version works in much the same way, but the user is required to copy and paste the token themselves, since Openstack refuses to redirect to untrusted platforms.

Sequence diagram of the login process.

API

Hint

The API has several endpoints, which are documented here. The API can also be used with the convenience functions, located in the api.js file.

Note

All API queries expect an open session to Openstack, which meas the queries towards Openstack are correctly scoped to the open project without further information in the API query. This of course requires a valid session token to be present with every API call.

The following flowchart gives a generic image of the possible responses from the API during normal usage.

Flowchart of the simplified API execute routes upon query.

The api is documented in the api.yml file, that conforms to the OpenAPI specification (the file can be rendered with the swagger editor):