The PM cell may be accessed either by an i2b2 client or by another i2b2 cell. The actor is either an end user logging into an i2b2 client or an i2b2 cell needing to verify a particular access. The getUserConfiguration request message is sent to the PM cell and a response message is returned.
When an end user logs into the i2b2 Workbench, they enter their username, password and the name of the domain they are logging into. This information is sent in the <message_header> section of the request message that is sent to the PM cell. The PM cell uses these values to authenticate the user. These values may seem to be replicated in the <message_body> section of the response message, but they are not used by the PM cell for authentication. The replicated values are used to offer the information to other client-side tools using the object.
- The password is substituted by an encrypted token for many interactions. The return message will not contain the password.
If a user does not have access to the domain or if the domain does not exist, then the request is considered invalid and the invalid user request is returned. If the user does have access to the domain, then the PM cell returns a list of projects the user has access to, and the user has the opportunity to pick one in which to continue working. Then a more specific message may be generated to obtain data only relevant to that project.
When another cell accesses the PM server, the purpose is to see what roles exist for this particular user for this cell. The username, password and domain are still in the <message_header>. The body of the getUserConfiguration message may include the name of the project being accessed. If the user has a role that allows them to access the cell, a valid response message is returned.
In summary, the PM server performs the following steps via the getUserConfiguration message:
- Authentication
  - Verifies the user is valid and is associated with the domain provided.
  - A blank project will return all the domains for the user.
- Authorization
  - Retrieves from the PM cell a list of cells and roles available for this client and returns them in the response.
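
Because the credentials travel in the <message_header> of every getUserConfiguration request, a cell or proxy that logs these messages should redact the password first and can verify that a response does not echo it. The following is an added example, not i2b2 code; the element names inside <message_header> and <message_body> and all sample values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample messages. Only <message_header> and <message_body> are
# named on the page; every other element name here is an assumption.
REQUEST = (
    "<request><message_header><security>"
    "<domain>demo</domain><username>alice</username>"
    "<password>constructed-pw-123</password>"
    "</security></message_header>"
    "<message_body><project>Demo</project></message_body></request>")
RESPONSE_TOKEN = (
    "<response><message_body><user><user_name>alice</user_name>"
    "<password>constructed-session-token</password></user>"
    "</message_body></response>")
RESPONSE_LEAKY = RESPONSE_TOKEN.replace("constructed-session-token",
                                        "constructed-pw-123")

def header_credentials(request_xml):
    """Read domain, username and password from <message_header> only,
    ignoring any replicated values in <message_body>."""
    header = ET.fromstring(request_xml).find("message_header")
    if header is None:
        raise ValueError("request has no <message_header>")
    creds = {}
    for name in ("domain", "username", "password"):
        node = header.find(f".//{name}")
        if node is None or not (node.text or "").strip():
            raise ValueError(f"missing <{name}> in <message_header>")
        creds[name] = node.text.strip()
    return creds

def redact_for_log(message_xml):
    """Return the message with every <password> value masked."""
    root = ET.fromstring(message_xml)
    for node in root.iter("password"):
        node.text = "[REDACTED]"
    return ET.tostring(root, encoding="unicode")

def leaks_password(response_xml, password):
    """True if the submitted password appears in any text or attribute."""
    for node in ET.fromstring(response_xml).iter():
        values = [node.text or "", node.tail or "", *node.attrib.values()]
        if any(password in value for value in values):
            return True
    return False
```
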