Blog - GSoC - posts for August 2021
Aug 22 2021
GSoC 2021 With XWiki For XWiki-AWS Integration
About me
I am Sanchita Singh, an undergraduate student at the Indian Institute of Technology Kharagpur. This was my first time participating in GSoC, and I got the opportunity to work under XWiki on developing an easy installation method for a production instance of XWiki in an AWS account.
Description
The project aimed to increase the number of active XWiki installs by giving end users the option of running XWiki on the cloud computing services provided by Amazon Web Services (AWS). The project has three parts, corresponding to three different ways of installing XWiki:
- XWiki installation using a CloudFormation template (this method is for non-developers who want an easy 1-click installation, where you can install a production-ready XWiki in a couple of clicks on AWS)
- XWiki installation using CDK code (this method is also straightforward, but it is aimed at developers, who can tweak the configuration of the system to their needs, since CDK provides a high-level interface in which developers use high-level languages to drive the lower-level CloudFormation (Cfn) classes)
- XWiki installation using an AMI on the Marketplace (since the Marketplace supports only AMI-based templates, we could not use the system design we created for the CloudFormation-based and CDK-based installations and had to restrict ourselves to EC2 + serverless apps)
Preparation for GSoC
I was going through the list of organizations selected for GSoC 2021 and found XWiki there. While going over the list of proposed projects, "Amazon AMI for Wiki" got my attention, as the requirements of the project aligned with my experience in the field of cloud computing. I started familiarizing myself with the community guidelines and made my first forum post introducing myself. I contacted the mentors assigned to the project and showed my interest.
During the application period, I tried to understand the technical knowledge that was required for the project and made 3 pull requests according to Jira issues that my mentor raised. I tried the different ways of installing XWiki that were already available and started to figure out what AWS resources would be required for XWiki to run. My mentor suggested that I use CDK, as it would make it easy to replicate infrastructure as code and also to keep track of the work being done. Then I started working on my proposal. I wrote whatever I understood to be required for the project and got it reviewed by the mentors. Fortunately, and to my surprise, I was selected for GSoC 2021 under XWiki.
Work Summary
For me, the most challenging part of the project was to decide on the architecture to use to run XWiki without interfering with other servers that might be running in the user's AWS account. With the help of my mentor, I finalized the system design for production installations on AWS and created the design wiki for it. The next step was implementation. But before implementing the design via CDK code, I started working on making an AMI or EC2 instance using the AWS console. @Fawad Ali helped a lot while I was repeatedly getting stuck. After that, I started working on CDK code to deploy an XWiki demo/test instance (with a portable database (HSQLDB) and a lightweight Java container (Jetty)) in the user's AWS account. It was just coding the process that I had done manually in the console. I also added an easy-to-edit config file to change the XWiki version and AWS region according to the user's needs. This installation method requires the use of the AWS Command Line Interface.
The next step was writing CDK code for installing the production instance of XWiki without interfering with the resources already deployed in the user's AWS account. Since we needed a VPC, I created a stack for the VPC (Virtual Private Cloud) that would contain all of the other resources. Job zero was to create encryption keys, as they would be needed later for storing the passwords of resources. For hosting XWiki we needed to store files, so I created a stack for AWS EFS (Elastic File System); this storage was encrypted using the previously created encryption keys and was located in the private subnet of the VPC. For the database, I chose the fully managed AWS Aurora DB with the MySQL engine. Then I made a stack for ECS (Elastic Container Service), setting the environment variables for connecting to the database from the ones given in the XWiki container documentation and adding the XWiki Docker image from Docker Hub. For the ECS Fargate service we needed a task definition that specified the vCPU, RAM and volumes available to our XWiki container. The CPU and RAM values were specified in line with the official XWiki documentation, and the volume is basically the connection of the XWiki container to the EFS created previously. After connecting all the resources, the last step was to create the ingress or connection layer. I then created a stack for an AWS load balancer, which is open to the world for outbound connectivity, and added the ECS Fargate service as its target to make the XWiki installation available to the world.
Based on the same architecture, I created an AWS CloudFormation template for XWiki installation using the AWS console. This installation method doesn't require the AWS Command Line Interface and can be done in a few clicks, taking the user-chosen XWiki version as a parameter. This was done so that people without much technical knowledge can install XWiki without installing anything on their local machine, just by using the AWS console.
I made an Amazon Machine Image from an EC2 instance running production XWiki (I had to do this because of the constraints imposed by the AWS Marketplace). The AMI was not published to the Marketplace due to concerns regarding ownership of the project, since a credit card is required for the AWS account from which the AMI is published. The AMI has been created in the XWiki SAS AWS account. It has been tested and verified, and XWiki SAS can take it further as per their requirements.
Next, I wrote documentation explaining the project and a user guide providing step-by-step instructions to deploy XWiki using the CloudFormation template and the CDK code. Also, for a better understanding of the project, I made videos explaining each step of deploying XWiki with both installation methods, that is, the CDK code and the CloudFormation template, to put on XWiki's YouTube channel for better visibility.
Pull Requests
- Merged pull requests before the GSoC period
- Merged pull requests during the GSoC period
Important Links
- Design Page
- Documentation
- User guide for XWiki installation using CDK code
- User guide for XWiki installation using Cloudformation Template
- Project Repository:
- Video Guides:
Future Plans
I intend to improve this project further, and it can also act as a starting point for anyone who would be interested in contributing to the project. A few of the possible improvements and new features are the following:
- Automating the AMI building process for every new version release of XWiki.
- Extending infrastructure as code for supporting XWiki with PostgreSQL and MariaDB. Currently, it supports MySQL only.
- Providing installation methods for other cloud-providing platforms, like GCP and Azure.
Remarks
I had a fun learning experience while working under XWiki. I was afraid of asking questions initially, which I overcame to some extent over the course of the journey. I loved the XWiki community, and I got guidance and help whenever I got stuck. I would especially like to thank @Sachin Chopra, @Vincent Massol, @Fawad Ali, @Thomas Mortagne, @Eduard Moraru, Mr. Clément and @Ludovic Dubost.
Aug 20 2021
My Journey with XWiki - GSoC'21 and Beyond
As Google Summer of Code 2021 comes to an end, I have to say that the experience I got from this program was indeed amazing. During these 10 weeks, I learned a lot of skills, and it has indeed helped me become a better software engineering student. All the credit goes to the very welcoming XWiki community and the wonderful bunch of experienced mentors that we have here.
About me
My name is Mohammad Humayun Khan. I am currently a 5th-semester Computer Engineering student from ZHCET, AMU, India. I am working on the project "Add WebAuthn support to XWiki" as a GSoC 2021 student here, at XWiki.
Add WebAuthn support to XWiki
The aim of the project is to add Web Authentication (WebAuthn) support to the XWiki open source software, which will allow XWiki users to authenticate themselves without having to type their password every time they log in (removing passwords from the picture entirely). Through this project, we want to go a long way towards preventing incidents like phishing, stolen credentials and replay attacks. The fact that a password is a shared secret makes it vulnerable: the same value the user types is what the server stores and checks, so anyone who captures it can reuse it. Public-key authentication doesn't have that weakness, and the WebAuthn API enables servers to register and authenticate users using public-key cryptography instead of a password.
Description
The way we implement this is: we take in the username of an existing standard XWiki user and then offer the following options:
- Register WebAuthn credentials for this user. These credentials will be saved as custom xobjects in the XWiki user profile.
- Authenticate the user: The xobjects saved in the XWiki user profile of a standard XWiki user will be used to authenticate the user.
- Delete credentials: All the xobjects that have WebAuthn credentials for a particular user will be deleted.
We will also have an option to skip WebAuthn if we are not on a supported browser; this is a fallback to the default login form.
Work summary
Community Bonding Period
(May 17, 2021 - June 7, 2021)
The community bonding period started with a video chat between me and my mentors; it was indeed a good session, where the mentors told me about the existing practices and the workflow that I should follow while working on the project. After that, I started polishing the skills that were required of me to work on the project (mostly Java and Maven). I looked into some existing authenticators that were already present and in use, and I also looked into XWiki's APIs (JavaDoc) in order to better understand their code. I also tried solving existing issues in the main XWiki repo: https://github.com/xwiki/xwiki-platform and in OIDC: https://github.com/xwiki-contrib/oidc in order to learn more about the authentication framework and tools that are used in XWiki.
First Phase
(June 7, 2021 - July 16, 2021)
I started coding in the first phase on June 14, since I was involved in end-semester examinations at my university. One of the first tasks involved setting up the Maven project for this authenticator. After that, I tried to create a basic authenticator which extended XWikiAuthServiceImpl (the only public API that the authenticator exposes, and which it is recommended to extend).
I looked into the library that is supposed to be used for this project: https://github.com/yubico/java-webauthn-server and did detailed research into the JavaDoc in order to learn about the integration points it provides. After that, I started adding the data transfer objects, which were essentially the request objects to be given as arguments to the WebAuthn API JS calls navigator.credentials.create() and navigator.credentials.get(). I also added the basic structure for the module and more utility classes until the end of the first phase, and planned on building on the same.
Final Phase
(July 16, 2021 - August 16, 2021)
At the start, I added the events that were to be sent while authenticating users as well as after adding xobjects to the XWiki user profile. I prepared local cache storage which essentially extended the CredentialRepository: https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/1.7.0/com/yubico/webauthn/CredentialRepository.html interface (one of the integration points for the library) and wrote functions which were supposed to manipulate the database lookups made by the library.
The main problem started to occur when instantiating the https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/1.7.0/com/yubico/webauthn/RelyingParty.html class, which was the entry point into the library. The problem was that this library didn't have anything to do with HTTP requests/responses and relied only upon an embedded server/framework that can send the WebAuthn JS API calls, taking request objects as their parameter; what it did best was to perform the validation logic after receiving the response from the client. Constructing instances using builders gave me a nightmarish deal as well, as I got a lot of errors while building with Maven (the funny part was that the IDE didn't give any errors at the time). I then commented out those classes to at least get a clean build. In general, in both the registration and the authentication part of WebAuthn, the whole business of serializing these request objects to JSON, passing it to the .create/.get JS calls, receiving the response from the client, and deserializing it to save in a custom Java object was indeed the most challenging part for me.
Towards the end of this period, I created the Velocity template that will be shown to users when they set it as their authenticator. But I was not able to make it perform the registration and authentication operations due to the limitations of the library. Implementing WebAuthn obviously requires a library that can take care of the requests/responses and the complex server-side cryptographic operations, which are actually the core part of it.
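As an added illustration (not the project's code) of the two integration points named above, the RelyingParty entry point and the CredentialRepository interface, here is a minimal registration flow against the java-webauthn-server 1.7.x API. It assumes the RP id wiki.example.org, its origin https://wiki.example.org, Java 11+, and an in-memory map standing in for the xobjects in the XWiki user profile; JSON serialization of the returned options object (the argument to navigator.credentials.create()) is left to whatever JSON mapper the module uses.

```java
import com.yubico.webauthn.*;
import com.yubico.webauthn.data.*;
import java.security.SecureRandom;
import java.util.*;
import java.util.stream.Collectors;
public class XWikiWebAuthnExample {
    // Stand-in for the xobject store (assumption): one user handle plus registered credentials per XWiki username.
    static final class MemoryCredentialRepository implements CredentialRepository {
        final Map<String, ByteArray> handles = new HashMap<>();
        final Map<String, List<RegisteredCredential>> creds = new HashMap<>();
        ByteArray handleFor(String user) {  // opaque 32-byte handle: the username itself never goes to the authenticator
            return handles.computeIfAbsent(user, u -> { byte[] b = new byte[32]; new SecureRandom().nextBytes(b); return new ByteArray(b); });
        }
        public Set<PublicKeyCredentialDescriptor> getCredentialIdsForUsername(String user) {
            return creds.getOrDefault(user, List.of()).stream()
                .map(c -> PublicKeyCredentialDescriptor.builder().id(c.getCredentialId()).build()).collect(Collectors.toSet());
        }
        public Optional<ByteArray> getUserHandleForUsername(String user) { return Optional.ofNullable(handles.get(user)); }
        public Optional<String> getUsernameForUserHandle(ByteArray handle) {
            return handles.entrySet().stream().filter(e -> e.getValue().equals(handle)).map(Map.Entry::getKey).findFirst();
        }
        public Optional<RegisteredCredential> lookup(ByteArray id, ByteArray handle) {
            return lookupAll(id).stream().filter(c -> c.getUserHandle().equals(handle)).findFirst();
        }
        public Set<RegisteredCredential> lookupAll(ByteArray id) {
            return creds.values().stream().flatMap(List::stream).filter(c -> c.getCredentialId().equals(id)).collect(Collectors.toSet());
        }
    }
    // Entry point into the library: the RP id must be the wiki's host (or a parent domain) and origins its exact URL(s); both assumed here.
    static RelyingParty relyingParty(CredentialRepository repo) {
        return RelyingParty.builder()
            .identity(RelyingPartyIdentity.builder().id("wiki.example.org").name("XWiki").build())
            .credentialRepository(repo).origins(Set.of("https://wiki.example.org")).build();
    }
    // Step 1: server-side challenge; serialized to JSON it is the argument for navigator.credentials.create(). Keep it in the session.
    static PublicKeyCredentialCreationOptions startRegistration(RelyingParty rp, MemoryCredentialRepository repo, String user) {
        return rp.startRegistration(StartRegistrationOptions.builder()
            .user(UserIdentity.builder().name(user).displayName(user).id(repo.handleFor(user)).build()).build());
    }
    // Step 2: parse the browser's JSON reply, let the library check challenge, origin and attestation, then persist the public key.
    static RegistrationResult finishRegistration(RelyingParty rp, MemoryCredentialRepository repo, String user,
            PublicKeyCredentialCreationOptions request, String responseJson) throws Exception {
        PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> pkc = PublicKeyCredential.parseRegistrationResponseJson(responseJson);
        RegistrationResult result = rp.finishRegistration(FinishRegistrationOptions.builder().request(request).response(pkc).build());
        repo.creds.computeIfAbsent(user, u -> new ArrayList<>()).add(RegisteredCredential.builder()
            .credentialId(result.getKeyId().getId()).userHandle(request.getUser().getId())
            .publicKeyCose(result.getPublicKeyCose()).signatureCount(0L).build());
        return result;
    }
}
```

The same pairing of start/finish calls (startAssertion and finishAssertion) drives the login step, with the repository's lookup methods supplying the stored public key and signature counter for verification.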
Future plans
I intend to continue working on this project after GSoC, as it is my 5th-semester college project as well. The end goal is to provide a cool authenticator to the XWiki open source project which would be future-proof as well as compliant with one of the most sought-after security protocols currently being implemented to enhance security on various platforms.
I will try to study the library again, and see/plan with Thomas (the authenticators expert at XWiki) what we can do on the XWiki side to send these requests to the WebAuthn JS API calls and thereafter take care of the serialization and deserialization as well as the database lookups. If it is not possible to implement the WebAuthn operations using this library, then I will switch to the https://github.com/webauthn4j/webauthn4j library, which is the only other library that supports WebAuthn-based server-side operations in Java. Hoping to make it work!
I will also try to find ways in which I can help the XWiki open source project, since I still have 2 years left to graduate and plenty of room for improvement and learning. I will stay connected with the amazing XWiki community, will try to help newcomers, and will also let them know if I come across an interesting idea to work on here as a project.
Lastly
And most importantly, I would like to thank my mentors, Thomas Mortagne and Fawad Ali, for taking time out to help me resolve my issues and queries whenever I needed them. I seriously could not have wished for better mentors while working on my first-ever real-world open-source project; they were indeed wonderful.
Also, a big thanks to Eduard (Enygma), Vincent, Simon, Sachin, Manuel, Marius, Clément, and everyone else in the Mentors team for their help throughout the program. Congratulations to the co-GSoC student Sanchita for the work that she has done on her project, it is quite appreciable.
Working as a student here at XWiki has been a fun and enriching experience for me, during which I learned a lot of things: debugging, testing, doing a release, communicating in a team, best practices related to software development, etc., just to name a few, and I am quite indebted to XWiki for that.
Some Useful Links
Forum post: https://forum.xwiki.org/t/add-webauthn-support-to-xwiki-gsoc21-project/8812
Design page: https://design.xwiki.org/xwiki/bin/view/Proposal/AddWebAuthnsupporttoXWiki
XWiki Dev project page: https://dev.xwiki.org/xwiki/bin/view/GoogleSummerOfCode/AddWebAuthnsupport2021
XWiki extensions project page: https://extensions.xwiki.org/xwiki/bin/view/Extension/WebAuthn