Assignment 5

Milestone 1: Sunday 5/16 (20 points)

Milestone 2: Sunday 5/23 (20 points)

Milestone 3: Friday 5/28 (30 points)

Final deliverable: Wednesday 6/2 (30 points)

Your mission: Enable logins into OpenSim worlds from external identification services.
This assignment involves advanced programming and the assimilation of advanced Web interoperability concepts. You can do it alone or in a group of 2.

Form of submission: Zip file in EEE.

Goals:

- First-hand experience with OpenID, OAuth and similar mechanisms

Necessary software components:

- All components from previous homework

- MySQL: mandatory this time. Follow the instructions for how to prepare MySQL for OpenSim.

Preliminaries:

In this homework we are going to use the diva distribution of OpenSim again. You will need to run both Wifi and a simulator configured in standalone mode. Even if you have the version of diva-distro and opensim that you used for homeworks 3 and 4, put those aside, and clone the latest:

$ git clone git://github.com/diva/diva-distribution.git

Design of this feature

The Second Life viewer poses some obstacles to achieving our goal, because it has a fixed interface for logging in, and it hashes the user's password before sending it our way. As such, we are going to have to work around it. Instead of using the viewer directly for login, a user logging in with an external identity first logs in to Wifi. Wifi does the necessary authentication and stores the necessary information. Finally, the user logs in with the viewer. Both logins need to be done from the same computer. Here is the illustrative diagram:

Most of your work is going to happen on Wifi. An additional, smaller, part will be in the Login service of OpenSim.

Task / Milestone 1

Install all components and run them successfully. Get Wifi.ini for Wifi and this OpenSim123.ini for OpenSim, and place them both under bin of the diva-distribution.

Edit Wifi.ini and search for the following text:

ConnectionString = " ... Password=opensim123;"

Replace the password with the one you used when you created the opensim account in your DB.

Edit OpenSim123.ini and search both for:

storage_connection_string=" ... Password= opensim123;"
ConnectionString = " ... Password= opensim123;"

Replace the password in both places with the one you used when you created the opensim account in your DB.

Then you can finally run. Both programs are run from the bin directory under the diva-distribution.

$ [mono] Robust.exe -inifile=Wifi.ini

To connect to Wifi, point your browser at http://localhost:8080/wifi

$ [mono] OpenSim.exe -inifile=OpenSim123.ini
// For 64-bit machines:
// rename OpenSim123.ini OpenSim.ini; make sure it's readable
// $ OpenSim.32BitLaunch.exe

This time, upon starting the simulator for the first time, choose all the defaults; change only, perhaps, the region name. The external IP address can stay the default one, since you are not going to connect this simulator anywhere; it will run in standalone mode on your computer.

To connect the SL viewer to your standalone world, use -loginuri http://localhost:9000

Deliverable 1: a picture of your screen showing: a terminal window running Wifi, a terminal window running OpenSim, some evidence of the MySQL server running, a browser showing Wifi, and the SL viewer with you logged in to your standalone world. I want to see all these windows on your screen. Submit that picture to EEE by the stated date.

Task / Milestone 2

Study the authentication protocol of your choice. You can choose between Facebook's Graph API, Google's OpenID/OAuth, Yahoo's regular OpenID, UCI's WebAuth, or any other of the same species. Also study the .NET API and other libraries packaged with OpenSim in order to find out how to send HTTP requests to the external ID provider. Suggestions to look at:

- System.Net.HttpWebRequest (search for examples of how to use it in the OpenSim code base)

- OpenSim.Framework.Communications.RestClient (search for examples of how to use it in the OpenSim code base)

- DotNetOpenId's OpenIDRelyingParty (see examples). Note that OpenSim comes with DotNetOpenID.dll if you plan to use it.

Deliverable 2: a short document describing which protocol you chose, and details on how you are planning to implement it in Wifi. I don't want a repetition of what you read in the documentation of the protocol of your choice. I want details about 1) what changes you plan to make to Wifi in order to implement external authentication (so new handlers, etc.); and 2) which classes in .NET or others provided by OpenSim you are planning to use in order to interact with the external identity provider. Submit the document to EEE.

Task / Milestone 3

Implement the authentication process between Wifi and the external ID provider. This involves Wifi programming of the kind you did for Homework 3. Extend Wifi with this new feature. Start by adding an icon/link in the login-logout area for users to log in via the external ID provider - that link is the beginning of the authentication procedure.

After authentication, your Wifi extension should be storing something in the database. This something should be a GridUserInfo object, via the LoggedIn method, meaning that we are storing the existence of a user of the grid, even if that user doesn't exist in the local User Account service. You need to think carefully about how to identify this Grid User - that is the crux of this feature! Remember, in the next step (task 4) the login service will need to retrieve that info, and authenticate and authorize the user logging in with the SL viewer. This needs to be done in a secure manner. You need to identify the possible security vulnerabilities, and design your feature so that those vulnerabilities can't be exploited.

At this point, your Wifi feature should be implemented and running, even if the final part is not done yet.

Deliverable 3: A zip file in EEE containing the entire addon-modules directory, with your extensions to Wifi, and the WifiPages directory, with your extensions to the html pieces.

Task / Milestone 4 - Final deliverable

Implement the login procedure between the SL Viewer and diva-distro's LoginService. There are plenty of comments in that code that will guide you through what's needed. Suggestion for the user interaction:

In the SL viewer, an external user should enter:
First Name: external user name
Last Name: external ID provider
Password: anything / not used

Make changes to the previous version of your Wifi extension, if needed.
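
One possible shape for the hand-off between the Wifi login of Task 3 and the viewer login of Task 4, as an added example (not code from Wifi, Diva.LoginService or this course): a pending-login record keyed by provider and external name, bound to the client address because both logins must come from the same computer, short-lived and single-use. All class and method names are hypothetical, the five-minute lifetime is an assumed value, and the in-memory dictionary stands in for the database.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; not part of Wifi or Diva.LoginService.
public class PendingLogin
{
    public string ClientIP;      // address the browser had when it authenticated
    public DateTime ExpiresUtc;  // a short lifetime limits the replay window
}

public class PendingLoginStore
{
    private readonly Dictionary<string, PendingLogin> m_Pending = new Dictionary<string, PendingLogin>();
    private readonly TimeSpan m_Lifetime = TimeSpan.FromMinutes(5); // assumed value
    private readonly object m_Lock = new object();

    // Key on provider + provider-asserted name so equal names at two providers stay distinct.
    private static string Key(string provider, string name)
    {
        return provider.ToLowerInvariant() + "\n" + name;
    }

    // Web side: call only after the provider's response has been verified.
    public void Register(string provider, string name, string clientIP, DateTime nowUtc)
    {
        lock (m_Lock)
            m_Pending[Key(provider, name)] = new PendingLogin { ClientIP = clientIP, ExpiresUtc = nowUtc + m_Lifetime };
    }

    // Login side: the viewer's password is unused, so this record is the only credential.
    // Address binding is coarse (clients behind one NAT share an address); expiry and
    // single use keep the window small.
    public bool TryConsume(string provider, string name, string clientIP, DateTime nowUtc)
    {
        lock (m_Lock)
        {
            string key = Key(provider, name);
            PendingLogin p;
            if (!m_Pending.TryGetValue(key, out p)) return false;               // never authenticated
            if (nowUtc > p.ExpiresUtc) { m_Pending.Remove(key); return false; } // stale record
            if (p.ClientIP != clientIP) return false;                           // other machine; keep record
            m_Pending.Remove(key);                                              // single use
            return true;
        }
    }
}
```

The viewer's First Name and Last Name fields supply `name` and `provider`; `clientIP` must be the address the server observed on the connection, never a value taken from the request body.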

Deliverable 4: A zip file in EEE containing the entire addon-modules directory, with your extensions to Wifi and your completion of Diva.LoginService. In addition to the complete code, include the patches. Also add a picture of an external user's avatar logged in world -- we should see the first name / last name on top of its head.

Extra Credit (20 points max)

Add a LICENCE.txt to your zip file if you would like to donate your code to the diva distro project. If I end up integrating it in the diva distro project, you will have complete extra credit, otherwise 5 extra points for trying.