The Texas Advanced Computing Center (TACC) is home to some of the most powerful computing resources in the world, including Stampede, ranked the 8th fastest supercomputer on the Top500. The TACC Agave API platform provides a set of RESTful, multitenant services for interacting with the supercomputing resources over HTTP, including submitting jobs, managing data and much more. Agave has been leveraging WSO2 API Manager in production for over a year now.
Recently, the Agave platform has experienced tremendous growth to include large organizations such as the iPlant Collaborative, which deploys hundreds of front-end web apps serving more than 20,000 scientists.
In partnership with Yenlo and WSO2, TACC is developing a Single Sign-On (SSO) solution based on integrating WSO2 Identity Server with Agave’s current API Manager deployments.
In this talk, we review our experiences with API Manager and introduce our SSO solution based on WSO2 Identity Server, including details of our production deployment based on Docker containers, Ansible technology, and more.
6. Powering discoveries...
A Link Between Alzheimer’s and Cancer
Computational systems biology approach found a link between Alzheimer’s and GBM, one of the most aggressive forms of brain cancer.
7. What Does TACC Do?
Mission: To enable discoveries that advance science and society through the application of advanced computing technologies.
● High performance computing (HPC)
● Cloud & high throughput computing
● Data intensive computing
● Visualization
● Software development & optimization
● Apps & APIs
● Life sciences
● Training & outreach
● Consulting & professional services
10. What Can Agave Do?
● Run application codes
○ your own or community provided codes
● ...on HPC, HTC, and cloud resources
○ your own, shared, or commercial systems
● ...and manage your data
○ reliable, multi-protocol, async data movement
● ...in a collaborative way
○ fine-grained ACLs for working securely with others
● ...from the web
○ webhooks, REST, JSON, CORS, OAuth2
● ...and remember how you did it
○ deep provenance, history, and reproducibility built in
13. An Identity Crisis
● Each portal maintains a separate database of users.
● Users have to be vetted manually each time.
● Users have to remember separate credentials.
● No single sign-on.
● No way to share platform assets (apps, jobs, metadata).
18. Identity Server and APIM
● Internal accounts mapped and managed by IS.
○ Self-service reconciliation, password management.
● SSO across web apps now possible.
● Implicit trust between IS <-> APIM.
● Clients use OAuth2 SAML Bearer Assertion.
○ Exchange SAML assertion for bearer token.
● Still working on the IS <-> InCommon trust.
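The assertion-for-token exchange named on this slide is the grant defined in RFC 7522. The following is an added example, not code from the talk or from WSO2: it builds the token request a client would send and runs the non-cryptographic checks (audience, bearer confirmation, recipient, expiry) a token endpoint applies before issuing a bearer token. The URLs, client key and secret, HTTP Basic client authentication, and the use of the token endpoint URL as the audience are assumptions; XML signature verification is not shown.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522 grant type
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample assertion (unsigned; every value is a placeholder).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" IssueInstant="2016-01-01T00:00:00Z">
<saml:Issuer>https://is.example.org</saml:Issuer>
<saml:Subject><saml:NameID>jdoe</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="https://api.example.org/token" NotOnOrAfter="2016-01-01T00:05:00Z"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>https://api.example.org/token</saml:Audience></saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""

def bearer_problems(xml_text, endpoint, now):
    """Return failed checks; assumes the signature was verified beforehand."""
    root = ET.fromstring(xml_text)  # sketch only: use a hardened XML parser in production
    problems = []
    if endpoint not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        problems.append("audience")
    data = [d for c in root.findall(".//saml:SubjectConfirmation", NS)
            if c.get("Method") == BEARER
            for d in c.findall("saml:SubjectConfirmationData", NS)]
    if not data:
        problems.append("no bearer confirmation")
    for d in data:  # stricter than required: every bearer confirmation must pass
        if d.get("Recipient") != endpoint:
            problems.append("recipient")
        # Assumes whole-second UTC timestamps; a missing value counts as expired.
        expiry = datetime.strptime(d.get("NotOnOrAfter", "1970-01-01T00:00:00Z"),
                                   "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if now >= expiry:
            problems.append("expired")
    return problems

def token_request(xml_text, client_id, client_secret):
    """Return (headers, form body) for the POST to the token endpoint."""
    assertion = base64.urlsafe_b64encode(xml_text.encode()).decode()  # base64url per RFC 7522
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urllib.parse.urlencode({"grant_type": GRANT, "assertion": assertion})
```
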
19. Status And Timeline
● In production with APIM.
● Working on InCommon membership and IS deployment.
● Goal is to be in prod with first tenant by summer 2016.
● New tenants will be built leveraging the TACC IS.
● Existing tenants will convert over time, if applicable.