2.2. Functional components#
This section provides an overview of the functional components of Univention Nubus for Kubernetes. For each component, it describes the purpose and the main tasks.
Fig. 2.5 provides an overview of all the functional components grouped by their main tasks:
Univention Nubus for Kubernetes consists of the following functional components:
2.2.1. End user facing#
Functional components that provide features that directly serve the end user are end user facing. These components are the following:
Portal
End User Self Service
Management UI
2.2.1.1. Portal Service#
The Portal Service is a web application that shows administrators and end users the applications they have access to, manages sign-in and sign-on redirects, and visually integrates different applications into one desktop.
- Purpose
Delivers customer access, for example for end users.
Delivers access to administer user accounts and user groups in Univention Nubus for Kubernetes.
Delivers user interface (UI) integration layer for other services.
- Tasks:
Login form for end users to sign in.
Portal UI.
Link to end user self service.
Link to administer user accounts and user groups.
Link to other modules.
Present notifications from a central notification service.
See also
- Portal Service in the interfaces section
for information about incoming and outgoing interfaces.
- Portal Service in the deployment view section
for information about Docker images, Kubernetes pods, and Helm Charts used for deployment.
- Portal Service in components section
for information about internal components and behavior.
2.2.1.2. Management UI#
The Management UI allows customers to administer IAM resources like user accounts and user groups.
- Purpose
User interface (UI) for administration of directory objects, such as user account objects, user group objects, and asset objects. Administrators manage user account and group objects through the Management UI, if Nubus has no external IAM system connected. For more information, see Connectors.
- Tasks
CRUD operations for directory objects, such as user account objects and user group objects.
UI for the CRUD operations that depends on permissions.
See also
- Management UI in interfaces protocols section
for information about incoming and outgoing interfaces.
- Management UI in the deployment view section
for information about Docker images, Kubernetes pods, and Helm Charts used for deployment.
- Management UI in components section
for information about internal components and behavior.
2.2.1.3. End User Self Service#
The End User Self Service allows end users to modify certain data of their own user account object, including a password reset service.
- Purpose
UI for end users to manage distinct attributes of their user account object
- Tasks:
Maintenance of user account data, such as profile information.
Actions for forgotten password and password change.
See also
- End User Self Service in the interface section
for information about incoming and outgoing interfaces.
- End User Self Service in the deployment view section
for information about Docker images, Kubernetes pods, and Helm Charts used for deployment.
- End User Self Service in components section
for information about internal components and behavior.
2.2.3. Integration#
Functional components listed in this section provide functions for the integration of the components into the central user interface (UI), as well as, the Authentication and Authorization. They’re the following:
Intercom Service
Provisioning Service
2.2.3.1. Provisioning Service#
The Provisioning Service notifies interested services of changes to directory objects in the Identity Store and Directory Service. For example, imagine a service that wants to take action in its database, such as populating initial data for a user when an administrator creates a user account in the IAM database. Interested services register with the Provisioning Service in advance.
- Purpose
Connection and synchronization of user account objects, user group objects and asset objects, that the Identity Store and Directory Service manages, with functional components that have their own data persistence.
- Tasks:
Informs about changes in the Identity Store and Directory Service.
Delivers objects based on events from the Identity Store and Directory Service to the functional component.
See also
- Provisioning Service in interfaces and protocols section
for information about incoming and outgoing interfaces.
- Provisioning Service in deployment view section
for information about Docker images, Kubernetes pods, and Helm Charts used for deployment.
- Provisioning Service in components section
for information about internal components and behavior.
2.2.3.2. Intercom Service#
The Intercom Service is an intermediary for communication between applications like Nextcloud, OX App Suite and Matrix.
- Purpose
Intermediary to allow sharing of resources between different backends directly from the browser.
- Tasks
Provide restricted usage of resources across functional components.
See also
- Intercom Service in interfaces protocols section
for information about incoming and outgoing interfaces.
- Intercom Service in components section
for information about internal components and behavior.
2.2.4. Connectors#
Connectors enable the connection of external systems to Nubus.
2.2.4.1. IAM Connector#
A central external identity and access management (IAM) system is the leading and authoritative source system for management and maintenance of user accounts and user group memberships.
- Purpose
The connector serves the setup of a direct interface between the external IAM and the Authentication and Authorization from Nubus.
- Tasks
Synchronize user account and user group data from the external IAM to Nubus.
Provide an unidirectional or bidirectional synchronization.
See also
- IAM Connector in components section
for information about internal components and behavior.
2.2.4.2. Nubus Directory Importer#
The Nubus Directory Importer is a distinct implementation of the IAM Connector, as shown in Fig. 2.10.
- Purpose
The connector synchronizes the Directory Manager in Nubus with the directory structure of several external directories using LDAP.
- Tasks:
Search for user account objects and user group objects in the source and the target through LDAP.
Determine the differences between the source and target to calculate the modification operations.
Synchronize the found objects to the Directory Manager through the UDM HTTP REST API.
See also
- Nubus Directory Importer in components section
for information about internal components and behavior.
- How-to connect to external IAM
for more information about how to connect Nubus through the Nubus Directory Importer with an external directory service.