Challenge Overview

In this challenge series we’ll be developing an SSO solution that acts as a reverse proxy in front of a target application. It will authenticate users via LDAP, then authorise the logged-in user to perform the requested action. Authorization will use a set of rules and policies, and will set additional HTTP headers on the proxied request. The application will have a separate management interface to manage policies, rules, headers and users.

 

This challenge will implement the LDAP service and a REST controller. We’ll use Spring as the application framework, with Spring Boot to bootstrap the application. MongoDB will be used as the database, with Spring Data to access it (not needed in this challenge). All configuration can be done using annotations (XML and JPA configurations aren’t required).

A Swagger spec for the API, a sample Postman collection for verification, and unit tests are required.

 

Attached in the forums is the Functional Requirements document, which explains all the features and use cases the end system will have. The LDAP service you create here should support all the LDAP-related actions in use cases 1-10. Specifically, your service should have the following features:

  • Specify target LDAP server attributes (url, username, password, root scope). The service will be used to connect to multiple LDAP servers, so this can’t be static configuration.

  • Authenticate a user via username/password (return the user’s NT ID and the list of groups the user is a member of)

  • List LDAP users and groups

  • Evaluate a rule - this is essentially just a check of whether a query returns any results. Rules are strings (LDAP queries), for example “cn = CS Agent;ou = PartnerWEB”

  • Get values for a list of attributes of a user (inputs are the user’s NT ID and a list of attributes, e.g. sn, pwsubdealerid, etc.)
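
The rule-evaluation and authentication features above both place caller-supplied strings into an LDAP search filter, so those values need RFC 4515 escaping before the query is sent. The Java class below is an added example, not part of the challenge materials; the class name RuleFilter, its methods, and the reading of a semicolon-separated rule as an AND of attribute/value pairs are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class, not from the challenge materials).
public final class RuleFilter {

    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Assumption: "attr = value;attr = value" means every pair must match (AND).
    static String toFilter(String rule) {
        List<String> terms = new ArrayList<>();
        for (String part : rule.split(";")) {
            int eq = part.indexOf('=');
            if (eq < 1) throw new IllegalArgumentException("Malformed rule term: " + part);
            String attr = part.substring(0, eq).trim();
            String value = part.substring(eq + 1).trim();
            // Accept only plain attribute names: a letter, then letters, digits or hyphens.
            if (!attr.matches("[A-Za-z][A-Za-z0-9-]*") || value.isEmpty()) {
                throw new IllegalArgumentException("Malformed rule term: " + part);
            }
            terms.add("(" + attr + "=" + escape(value) + ")");
        }
        return terms.size() == 1 ? terms.get(0) : "(&" + String.join("", terms) + ")";
    }

    public static void main(String[] args) {
        // The rule string from the challenge text.
        System.out.println(toFilter("cn = CS Agent;ou = PartnerWEB"));
        // Constructed value containing filter metacharacters; they are emitted escaped.
        System.out.println(toFilter("cn = a*)(uid=*"));
    }
}
```

The same escape method applies to the username when the authentication feature looks up the user entry by filter before binding.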

 

Your solution should include instructions for local and Heroku deployment.


 

Final Submission Guidelines

Submit the full source code for the app
Deployment guide (environment, configuration, build, run - local and Heroku)
Swagger spec for the API
Postman collection for testing the API
Sample data for testing the services

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

Review style

Final Review: Community Review Board

Approval: User Sign-Off

ID: 30058656