This is an InterMine Authorization Server built with Spring Boot 2.x OAuth2 which allows to access all 30 InterMine instances using a single account.
- OAuth2.0 Configured Server
- User login & registration
- Client registration
- User dashboard
- Admin dashboard
- Migration Supported
- Cross domain SSO Supported
- Easy configurations
- More Secure
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
What things you need to install the software and how to install them:
- Postgresql - Database
- IDE- OPTIONAL
A step by step series of examples that tell you how to get a development env running.
Create your own database in postgresql.
CREATE DATABASE <your database name> ;
Create a user and grant access to that user.
CREATE USER <your user> WITH ENCRYPTED PASSWORD <'yourpass'>;
GRANT ALL PRIVILEGES ON DATABASE <your dbname> TO <your user>;
Update these configurations in application.yml file of project inside resource directory.
NOTE: Resource directory contains a predefined script for database table creation so no need to create any tables on your own.
Clone this repo on your local system and follow these commands:
i. Change directory to this project
cd intermine-authorization-server/
ii. Build using mvn
mvn pacakage
iii. Run jar file using java
java -jar target/authserver-0.0.1-SNAPSHOT.jar
Below queries will create an Admin account with following credentials:
INSERT INTO role(id, name) VALUES (1, 'ROLE_ADMIN');
INSERT INTO users(user_id, name, username, password, email, enabled, accountnonexpired, credentialsnonexpired, accountnonlocked) VALUES (2, 'Admin','admin','73f841d7321aa6ae28a8d8989d100416', '[email protected]', true, false, false, false);
INSERT INTO role_user(row_id, id, user_id) VALUES (2, 1, 2);
| Admin Username | Admin Password |
|---|---|
| admin | Admin@123 |
- Create a New account on IM auth server
Open http://localhost:8282/intermine in any web browser. You will be redirected to home page of authorization server from where you can choose profile from the menu bar. Once you open your profile you will be redirected to login screen page and can create a new account on this IM auth server.
- User Dashboard
Once you logged in successfully then will be redirected to your dashboard from where you can manage all your client and your profile. You can register a new client or can also manage your already registered clients. From dashboard you can also change your account password.
- Register a new client
Only those user can register a client on InterMine auth server which are having account on it. Click on the register client bar from your dashboard and fill up the client registration form with some basic required information
You will get your client id and secret once InterMine admin verify it.
- Admin Dashboard
You can login from same login page with the admin account credentials and on successful login you will be redirected to admin dashboard. Here are some features of admin dashboard:
- Can manage all the user accounts
- Can manage all the registered clients
- Can verify the clients
Verify any registered client with a simple click on verify button
- Client Management
User can manage registered client and access their credentials too from dashboard and is also able to update & delete the clients.
- Client credentials:
Once you get your client credentials i.e client id and secret then add following lines in your mine property file. For example we can add these in biotestmine.properties file:
oauth2.providers = IM
oauth2.IM.client-id = 6870ca9d7e8545e606e26d51fc5b810b53952eaf.apps.intermine.com
oauth2.IM.client-secret = 3fb6de6cef8a94c52b4e33e06802e56ce3ebc809
That's all!!! Deploy your mine and then anyone can login in your mine with IM auth server.
- You can choose IM from the dropdown to login with IM account
- Migration
Once you logged in first time on any mine with the IM account, will be redirected to a merge pop up where you will be asked to merge your previous account of mine if have any otherwise can go with No.
i. If you don't have any previous account you can go with NO. Once you taps on No then you will be asked to give access of your name and email to the client/mine. If you allow it then you will be successfully logged in to the mine otherwise deny will not logged you in to mine
ii. If you want to merge your pervious mine account with this new IM account then tap on YES and you will be redirected to merge form page of mine.
Enter your old mine account credentials and click on the merge account. Once you click on it then you will redirected back to IM auth server page where you will be asked to give access of your name and email to the mine. If you allow it then you will be successfully logged in to the mine otherwise deny will not logged you in to mine
- Cross Domain SSO
Once you logged in to any mine by IM account in your browser then you will be automatically logged in to all of the mine. If you already authorized other mines to access your name and email i.e have already an account on other mine then you will be automatically logged in to that mine if you open it in another tab.
example
example
Deploy this on a live system
- Spring Boot - Used to create stand-alone, production-grade Spring based Applications.
- Maven - Dependency Management
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
- Intermine - Initial work - ry007
See also the list of contributors who participated in this project.
This project is licensed under the GNU Lesser General Public License - see the LICENSE.md file for details
- Hat tip to anyone whose code was used
- Inspiration
- etc