Versions Compared

Old Version 13

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version 14

changes.mady.by.user Francesco Chicchiriccò

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

This page contains topics supporting ongoing discussion at dev@syncope.apache.org.

Tracked as SYNCOPE-1410.

Overall architecture

Compared to 2.1, a major architectural refactoring is proposed, with the following objectives:

...

draw.io Diagram
bordertrue
viewerToolbartrue
fitWindowfalse
diagramNameApache Syncope 3.0 Architecture
simpleViewerfalse
width
diagramWidth1232
revision3

Discussion items

  1. CLI was deliberately not included in the diagram above: since its introduction in 2.0, no usage at all was reported - maintenance cost does not appear worthwhile
  2. It is hard to imagine how the GUI installer can cope with such complexity; proposal is to remove it as well
  3. The Eclipse plugin seems also to have no users; proposal is to remove it as well
  4. Enduser UI is currently implemented as AngularJS + Wicket application - but the AngularJS code appears somehow "disconnected" from the rest, and it has always been quite troublesome to troubleshoot - proposal is to rebuild as a pure Wicket application, maximizing re-use of components already working in Admin Console
  5. Keymaster shall be based on existing Open Source products as Apache Zookeper or Consul
  6. whilst in 2.1 all applications are built as Java EE, it could be the case to switch to a more microservice-friendly approach: if so, shall we base on
    1. Spring Boot
      1. PRO
        1. easy to migrate (being the current code Spring-based)
        2. widely adopted (status quo)
        3. can be easily converted to WAR, allowing traditional deployment in existing environments
      2. CONS
        1. not real microservice, mostly an embedded Tomcat
    2. Eclipse Microprofile
      1. PRO
        1. promising approach, lot of rumors and buzz around
        2. microservice native
      2. CONS
        1. major rewrite needed in case Spring and / or CXF cannot be re-used
        2. different implementations available, not as stable and widespread as their Java EE counterparts
  7. In previous Syncope versions, an admin can specify an account lockout policy that locks a user out after a number of bad login attempts. The problem is that a malicious user who knows others usernames for an account could lock users out. We should look into adding an account policy option to instead display a captcha after a number of bad login attempts.