CPS-VO WebGME Authentication

Any design studio that is embedded on the VO must be served over SSL with a valid certificate signed by a certificate authority (no self-signed certs). We also require documentation with an exemplar to help a user new to the tool get started and become familiar with its features. Lastly, as an open-source platform that exists to promote and share technologies with the goal of advancing science, we ask that the source materials for reproducing and validating the setup of the tool are made available, so that others can set up a local copy for offline use if they so desire.


The following steps are necessary specifically for integrating a WebGME-based design studio:

1. Key Generation

Before enabling authentication we must generate the RSA keys. The server uses them for the tokens containing the user-id: the private key to encrypt them and the public key to decrypt them. If we do not generate our own keys and point the configuration at them, the example keys checked into the webgme repo will be used (which of course is a pretty bad idea, since anyone can read them from the public repository).

  1. Create a new directory, token_keys, outside of the repository (if this is not guarded against, all files under the cwd of the express server can be accessed).
  2. Using openssl (also available for Windows), first generate a private key:
    openssl genrsa -out token_keys/private_key 1024
    and from it generate a public key:
    openssl rsa -in token_keys/private_key -pubout > token_keys/public_key

2. WebGME Configuration

Once the keys are generated on the webgme server, send the private key to the CPS-VO team for WebGME-CPS-VO authentication integration.

Add the following configuration options for CPS-VO integration to the file webgme/config/config.default.js (shown here as an example; the file is JavaScript, so comments use `//`):

// needed for the key paths below, if not already required at the top of the file
const path = require('path');

// enable authentication
config.authentication.enable = true;

// allow inferred users to create projects (option available from webgme v2.12)
config.authentication.inferredUsersCanCreate = true;

// disable guest authentication
config.authentication.allowGuests = false;

// disable user registration
config.authentication.allowUserRegistration = false;

// login and logout URLs should point to the CPS-VO group
config.authentication.logInUrl = 'http://cps-vo.org/group/CPS_VO_GROUP_NAME';
config.authentication.logOutUrl = 'http://cps-vo.org/group/CPS_VO_GROUP_NAME';

// this assumes the keys are placed outside the webgme-app folder, i.e. in the `../../token_keys` directory
config.authentication.jwt.privateKey = path.join(__dirname, '..', '..', 'token_keys', 'private_key');
config.authentication.jwt.publicKey = path.join(__dirname, '..', '..', 'token_keys', 'public_key');