Accessing OpenRiskNet applications as an end user
How to login
The OpenRiskNet reference site using social Identity Providers for managing logins. Currently the following providers are supported:
- GitHub
We prefer you use LinkedIn if possible as that potentially allows us to use LinkedIn for collaboration and communication amongst our users.
Using a social Identity Providers means that we NEVER see your password. You authenticate with the social media provider and if successful they forward you back to the OpenRiskNet site. We only store minimal information about you, your name and email.
The OpenRiskNet applications use a single sign on (SSO) system so that once you are logged in you are logged in to all OpenRiskNet applications on the site. No need for multiple usernames and passwords. The first time you access an application that requires authentication you will be taken to the login page and you specify which Identity Providers to use.
Choose the login provider on the right hand side (preferably use LinkedIn) and you will be taken to that site and asked to log in (if not already logged in). The first time you do this you will be asked to confirm that you want OpenRiskNet to use your login. You must agree to this. Once you login you are automatically redirected back to the OpenRiskNet site.
API Access
When you log in using an Identity Provider such as GitHub or LinkedIn you are essentially linking those logins to your SSO identity. You have a SSO username (determined from the details provided by the Identity Provider) but that SSO account does not by default get a password as you are logging in through the Identity Provider.
However, if you are accessing one of the OpenRiskNet APIs and need to get an authentication token then you will need a password. To set one up go to your account page, login through the GitHub or LinkedIn Identity Provider, and then you can set yourself a password (goto the Password section). Then you should be able to obtain an API token with that username and password.
To obtain a token use a client such as curl. Typically do something like this (details may differ between different APIs):
token=$(curl -d "grant_type=password" -d "client_id=client" -d "username=username" -d "password=password"
sso.prod.openrisknet.org/auth/realms/openrisknet/protocol/openid-connect/token 2> /dev/null
| jq -r '.access_token')
Replace client, username and password with the appropriate values. You can use 'echo $token' to make sure you have obtained a token.
Note that assumes you also have 'jq' installed. If not then just execute the basic curl command and copy out the access token part.
Notes
- We have noticed that using the LinkedIn login you sometimes get a 504 error after logging in to LinkedIn (you are not successfully redirected to the OpenRiskNet site). If you try a second time this should work. We are working to resolve this.
- If you log in with multiple Identity Providers that use the same email address then you will be taken through extra steps to link the two logins. Best to avoid this by sticking with a single provider.
We provide open access to the OpenRiskNet applications on a "best effort" basis to allow users to evaluate and test the environment. This environment is not suitable for production use or for handling data that is confidential. Instead you should set up your own OpenRiskNet VRE that is under your control. Information on this can be found here.
We do not restrict who uses the OpenRiskNet applications, but as the resources on which it runs are limited we expect usage to be resticted to a reasonable level. If we consider this is being abused then we may disable accounts or restrict access to particular applications.
Support
We aim to support our users on a "best effort" basis. We cannot provide guarantees of response times, but we aim to assist as best we can. If you need support the best mechanism is through our FreshDesk support system.