Titulo Estágio
SSO Proxy for CERN Java Critical applications
Local do Estágio
CERN IT-PW-ARW
Enquadramento
The deprecation of Java adapters forces developers to find alternative in their code and take care of security aspects that are not always obvious.
Keeping the current solution prevents the team responsible of the service to upgrade Java and Tomcat versions to the latest. This means that the service cannot get latest security patches creating a security risk for applications that are exposed to external world.
Instead find a solution that could support different communities of developers and different use cases will allow to have an easier, more secure way to deal with authentication.
The platform team and developers will profit from a standard solution that doesn’t require to interact with source code of the application.
Objetivo
We should investigate the available solutions that allow to separate the implementation of authentication from the core business of the application.
The output should be a working prototype that allow users to authenticate against CERN SSO system without any modification on the source code of the application. This will simplify life of developers and increase security.
This prototype should be as much as possible generic and re-usable for all the users' requirements that the service has.
Plano de Trabalhos - Semestre 1
• Understand basic concepts and differences of OAuth2, OIDC and SAML
• Gather requirements for each of the use cases hosted at CERN (Web Apps, 3rd party apps, etc)
• Define a generic design that could fit all the use cases and minimize impact on developers
• Implement a PoC (Proof of concept) that demonstrate the validity of the design mentioned above.
Plano de Trabalhos - Semestre 2
• Make the PoC production ready
• Get familiar with Kubernetes, GitOps, Helm
• Deploy the new component on top of Kubernetes
• Validate with developers that the new component is respecting their requirements
Condições
• An allowance of 3407 Swiss Francs per month (net of tax).
• A travel allowance
• Coverage by CERN's comprehensive Health Insurance Scheme
• 2,5 days of paid leave per month
Observações
N/A
Orientador
Antonio Nappi
antonio.nappi@cern.ch 📩