BART LLM Meeting (Nov 19 2024) - brightcone/bart GitHub Wiki

BART LLM Meeting Report

Date: November 19, 2024

Agenda Summary

The meeting addressed critical components of authentication setup, account configuration, server certificate management, and testing plans for the BART Helpdesk Chatbot. The focus was on integrating OpenID and SAML connectors, enabling secure authentication through OneLogin, and ensuring seamless deployment.

Detailed Discussions

  1. Authentication Flow

    • OpenID and SAML Connector:
      • The team agreed to use OpenID combined with a SAML connector to handle authentication requirements securely.
      • This setup involves sending Eugene a URL to enable configuration. Once configured, the flow will authenticate users through OneLogin and then redirect them back to the application using the OpenID connector.
  2. Configuration of Tulasee’s Account

    • Tulasee’s OneLogin account has been successfully configured to manage the Helpdesk Chatbot. The account has been granted administrative privileges, which allow oversight of the app settings and handling of SSO-related tasks.
    • A critical point of discussion revolved around the URI configuration. The team debated whether localhost is sufficient for initial testing or if a deployed version of the chatbot is required to complete the setup. This will be confirmed during testing.
  3. Server Certificate Request

    • Since the server hosting the chatbot is Linux-based, it was determined that a new Certificate Signing Request (CSR) must be generated directly on that server, so that the private key never leaves it.
    • This certificate is necessary for securing communications between the server and external services like OneLogin.
    • The team agreed to send documentation detailing the process of generating CSRs specifically from non-Windows servers to facilitate this step.
  4. General Authentication Flow

    • An overview of the expected user authentication flow was discussed. For scenarios where users access the application URL directly (instead of clicking an icon or shortcut), the following steps will be implemented:
      1. The application will call BART’s OneLogin system and authenticate the user.
      2. It will send the client ID and redirect the user to the application.
    • This flow ensures that direct access does not bypass security protocols while maintaining user experience continuity.
  5. Data Requirements and OpenID Key Usage

    • The team identified the need to retrieve specific data from OneLogin, including:
      • Face recognition information for added security.
      • First and last names to personalize user interactions.
    • While the OpenID key has been integrated, the team remains uncertain if the API will return all the necessary data. Further validation and testing will address this.
  6. Administrative Privileges for SSO

    • Tulasee’s administrative access to OneLogin enables direct management of client ID and client secret configurations. This access is pivotal for handling SSO settings and troubleshooting potential issues during deployment.
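The flow described in items 1, 4 and 5 (authenticate through OneLogin, redirect back to the application via the OpenID connector, then read the user's name from the returned data) corresponds to the standard OpenID Connect authorization code flow on the application side. The following is an added example written for this note; it is not the chatbot's code and says nothing about how BART's OneLogin tenant is actually configured. The issuer, client ID, redirect URI and the sample claims are constructed placeholders, and it assumes the ID token's signature has already been verified against the provider's JWKS before the claims are checked.

```python
"""Relying-party side of the OpenID Connect authorization code flow.

Added example for this meeting note, not the BART chatbot's own code.
ISSUER, CLIENT_ID and REDIRECT_URI are constructed placeholders.  Signature
verification of the ID token against the provider's JWKS is assumed to
happen before validate_id_token_claims() is called.
"""
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder configuration (constructed; replace with the real tenant values).
ISSUER = "https://example-tenant.onelogin.invalid/oidc/2"
CLIENT_ID = "PLACEHOLDER-CLIENT-ID"
REDIRECT_URI = "https://chatbot.example.invalid/callback"


def start_login(session: dict) -> str:
    """Build the authorization URL a direct visitor is redirected to.

    state (CSRF binding), nonce (token binding) and the PKCE verifier are
    kept server-side in the session so the callback can be checked later.
    """
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)
    session["code_verifier"] = secrets.token_urlsafe(64)
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(session["code_verifier"].encode()).digest()
    ).rstrip(b"=").decode()
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{ISSUER}/auth?{urlencode(params)}"


def handle_callback(callback_url: str, session: dict) -> str:
    """Return the authorization code only if state matches this session.

    The stored state is consumed on first use, so a replayed callback fails.
    """
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [None])[0]
    expected = session.pop("state", None)
    if expected is None or state is None or not secrets.compare_digest(
        state.encode(), expected.encode()
    ):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    return query["code"][0]


def validate_id_token_claims(claims: dict, session: dict, now=None) -> dict:
    """Check iss, aud, exp and nonce; return the attributes the app needs."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token was not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != session.pop("nonce", None):
        raise ValueError("nonce mismatch: token not bound to this login")
    # The attributes item 5 asks for.  A None value is the signal that the
    # claim was not returned and must come from the userinfo endpoint or the
    # app's claim mapping in OneLogin instead.
    return {
        "subject": claims.get("sub"),
        "first_name": claims.get("given_name"),
        "last_name": claims.get("family_name"),
        "email": claims.get("email"),
    }
```

The functions return values rather than performing the network steps: exchanging the code for tokens at the token endpoint (with the client secret and the stored `code_verifier`) sits between `handle_callback` and `validate_id_token_claims`, and the returned attribute dict with `None` entries is a quick way to see, during the API testing planned under Key Action Items, which of the required fields the provider actually supplies.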

Key Action Items

  • Regenerate CSR:
    • Generate a Certificate Signing Request for the Linux server and submit it for approval. This step is critical for securing the chatbot’s communications.
  • Test APIs:
    • Conduct API testing to confirm configurations and retrieve required data (e.g., OpenID key validation and data payloads).
    • Validate the user authentication flow to ensure users can seamlessly access the application regardless of entry point (direct URL or icon).
  • Confirm Deployment Needs:
    • Determine whether localhost is sufficient for testing or if a deployed instance is mandatory for authentication flow validation.
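For the "Regenerate CSR" action item (and the documentation on generating CSRs from non-Windows servers promised under item 3), the following is an added example of the procedure on a Linux host; it is not BART's own documentation. It drives the system openssl binary (1.1.1 or newer for -addext) from Python so the key stays on the server with owner-only permissions and the CSR is checked before submission; the hostname and organisation are placeholders.

```python
"""Generate an RSA key and a Certificate Signing Request on a Linux host.

Added example for this meeting note, not BART's own procedure.  Requires the
system `openssl` binary (1.1.1+ for -addext).  The hostname and organisation
used below are placeholders to be replaced with the chatbot server's values.
"""
import os
import shutil
import subprocess
import tempfile
from pathlib import Path


def openssl_available() -> bool:
    """True when an openssl binary is on PATH."""
    return shutil.which("openssl") is not None


def generate_csr(fqdn: str, out_dir: Path, org: str = "EXAMPLE-ORG"):
    """Create <fqdn>.key (mode 0600) and <fqdn>.csr in out_dir; return both paths."""
    out_dir.mkdir(parents=True, exist_ok=True)
    key_path = out_dir / f"{fqdn}.key"
    csr_path = out_dir / f"{fqdn}.csr"

    # Shell equivalent:
    #   openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out <key>
    subprocess.run(
        ["openssl", "genpkey", "-algorithm", "RSA",
         "-pkeyopt", "rsa_keygen_bits:2048", "-out", str(key_path)],
        check=True, capture_output=True,
    )
    # The private key never leaves the server; restrict it to the owner.
    os.chmod(key_path, 0o600)

    # Shell equivalent:
    #   openssl req -new -key <key> -out <csr> -subj "/O=<org>/CN=<fqdn>" \
    #       -addext "subjectAltName=DNS:<fqdn>"
    # A subjectAltName is required: browsers ignore the CN for hostname matching.
    subprocess.run(
        ["openssl", "req", "-new", "-key", str(key_path), "-out", str(csr_path),
         "-subj", f"/O={org}/CN={fqdn}",
         "-addext", f"subjectAltName=DNS:{fqdn}"],
        check=True, capture_output=True,
    )
    return key_path, csr_path


def csr_is_valid_for(csr_path: Path, fqdn: str) -> bool:
    """Check the CSR's self-signature and that its SAN names the host.

    Run this before sending the CSR for approval; it catches a request
    signed with the wrong key or generated without the expected hostname.
    """
    verify = subprocess.run(
        ["openssl", "req", "-in", str(csr_path), "-noout", "-verify"],
        capture_output=True, text=True,
    )
    if verify.returncode != 0:
        return False
    text = subprocess.run(
        ["openssl", "req", "-in", str(csr_path), "-noout", "-text"],
        check=True, capture_output=True, text=True,
    ).stdout
    return f"DNS:{fqdn}" in text


def demo_generate_and_check(fqdn: str = "chatbot.example.invalid") -> bool:
    """Generate into a temp dir and return True if key perms and CSR are right."""
    key, csr = generate_csr(fqdn, Path(tempfile.mkdtemp()))
    owner_only = (key.stat().st_mode & 0o777) == 0o600
    return owner_only and csr_is_valid_for(csr, fqdn)


if __name__ == "__main__":
    print("ok" if demo_generate_and_check() else "CSR check failed")
```

Only the .csr file is submitted for signing; the .key file stays on the server and is later paired with the issued certificate in the web server's TLS configuration.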

Conclusion

The meeting successfully outlined the next steps for finalizing the authentication flow, ensuring security measures, and enabling smooth user access to the Helpdesk Chatbot. By addressing both technical configurations and deployment concerns, the team is positioned to advance testing and implementation efficiently.