Difference between revisions of "OpenStack:Horizon User Registration Blueprint"
m |
|||
Line 1: | Line 1: | ||
+ | Allow users to register. Right now only admin can create a new user. | ||
− | + | Workflow | |
+ | ======== | ||
+ | * Add a new signup form in horizon | ||
+ | * Onsubmit event of signup form, send user details to an external service (called it "security service") | ||
+ | * "security service" is nothing it is a webservice (We can use paste.httpserver or flask) | ||
+ | * Why we need an additional service? | ||
+ | * We need admin access to keystone to create a new user. | ||
+ | * We can't login to keystone as admin from horizon, that is a security risk, right ?. | ||
+ | * So I am planning to login to keystone as admin from "security service" | ||
+ | * "security service" will makes an API call to keystone to create a new user | ||
+ | * We can also save additional user details in the field 'text' of keystaon's 'user' table as json object. Or use our on Local DB. | ||
+ | * Security service creates user in disable mode and return the response back to horizon | ||
+ | * horizon will send account activation url to user's email id. | ||
+ | * Once the user clicks on activation link, flow is again same. First comes to horizon, then to 'security service' and makes keystone api call for user activation. | ||
+ | Workflow Diagram | ||
+ | =============== | ||
[[File:Diagram_user_registartion.pdf]] | [[File:Diagram_user_registartion.pdf]] | ||
+ | |||
+ | Mailing List | ||
+ | ========== | ||
+ | [http://lists.openstack.org/pipermail/openstack-dev/2013-November/018523.html Mailig List Discussion] |
Revision as of 06:46, 6 December 2013
Allow users to register. Right now only admin can create a new user.
Workflow
==
- Add a new signup form in horizon
- Onsubmit event of signup form, send user details to an external service (called it "security service")
- "security service" is nothing it is a webservice (We can use paste.httpserver or flask)
- Why we need an additional service?
* We need admin access to keystone to create a new user. * We can't login to keystone as admin from horizon, that is a security risk, right ?. * So I am planning to login to keystone as admin from "security service" * "security service" will makes an API call to keystone to create a new user * We can also save additional user details in the field 'text' of keystaon's 'user' table as json object. Or use our on Local DB.
- Security service creates user in disable mode and return the response back to horizon
- horizon will send account activation url to user's email id.
- Once the user clicks on activation link, flow is again same. First comes to horizon, then to 'security service' and makes keystone api call for user activation.
Workflow Diagram
===
File:Diagram user registartion.pdf
Mailing List