ElasticJob UI now supports Auth 2.0, OIDC and SAML single sign-on thanks to Casdoor · ShardingSphere - Blog

ElasticJob UI now supports Auth 2.0, OIDC and SAML single sign-on thanks to Casdoor

img

If you’re looking to add SSO to the administration console when using ElasticJob UI, this article will help you tackle this user management problem using ElasticJob UI’s built-in Casdoor.

Background

ElasticJob UI is the visual admin console of ElasticJob, whose target users are developers and DevOps teams rather than users. Generally, it is deployed only in the internal environment and thus its R&D focus more on its features.

Any open source project will inevitably become an object of interest for security researchers. Previously, security researchers submitted a lot of security issues on ElasticJob UI to the Apache ShardingSphere community without considering its actual usage scenario.

After careful considerations regarding dealing with those security vulnerability reports, the community decided to stop maintaining ElasticJob UI.

The Casdoor community members noticed our discussion about stopping the maintenance of ElasticJob UI and thought it would be a loss to deactivate ElasticJob UI because of unrealistic security reports.

If ElasticJob UI would be connected to Casdoor, it would be improved in terms of authentication security and features. In this context, the Casdoor and Apache ShardingSphere community reached a consensus on collaboration.

How to connect ElasticJob UI to Casdoor?

Step 1: Deploy Casdoor

The source code of Casdoor is on GitHub, and its boot mode includes development mode and production mode. The development mode is taken as an example here. Please refer to this link for more details.

Backend boot mode

go run main.go

Front-end boot mode

cd web
yarn install
yarn start

Step 2: Configure Casdoor and obtain the required data

img

The red arrows indicate what the backend configuration requires, with “Redirect URLs” referring to the address where you perform a callback.

We also need to find the corresponding cert we selected in the cert option, such as cert-build-in here. A certificate is also needed.

img

For additional Casdoor documentation, please refer to this link.

Step 3: Configuration in ElasticJob UI

Find application.properties in shardingsphere-elasticjob-ui and configure it.

img

Paste the data we obtained from Casdoor into the corresponding position as follows:

img

Now, we can use Casdoor in ElasticJob UI.

Once the ElasticJob’s admin console connects to Casdoor, it will support UI-first centralized identity access/single sign-on based on OAuth 2.0, OIDC and SAML.

Thanks to developers from the Casdoor and Apache ShardingSphere community, our collaboration has been going on in a smooth and friendly way. At first, jakiuncle from Casdoor proposed an issue and committed a PR, and then our Committer TeslaCN and PMC tristaZero reviewed the PR. This cross-community collaboration stands as a testament to the Beaty of open source.

About ElasticJob UI

ElasticJob is a distributed scheduling solution oriented towards Internet applications and massive tasks.

It provides elastic scheduling, resource management, and job governance combined with open architecture design, building a diversified job ecosystem. It uses a unified job API for each project.

ElasticJob-UI is the visual admin console of ElasticJob, supporting dynamic configuration, job management and control, job history retrieval and other features.

🔗 GitHub

About Casdoor

Casdoor is a UI-first identity access management (IAM) / single-sign-on (SSO) platform based on OAuth 2.0 / OIDC. Casdoor can help you solve user management problems. There’s no need to develop a series of authentication features such as user login and registration. It can manage the user module entirely in a few simple steps in conjunction with the host application. It’s convenient, easy-to-use and powerful.

🔗 GitHub