Potential user stories:
As a user I want to be able to use one set of credentials across all of the tools I need access to as an OpenLMIS user.
Note that if we embed portions of Superset within OpenLMIS an OpenLMIS user may not need access to them.
As a system administrator I want to secure my data and ensure no one has more access than they should
Tasks to break out:
Identify actor roles for each component of the reporting stack. Who needs what access?
Decide what tools we want to cover with SSO
At least RBAC for Superset
Maybe RBAC for NiFi Registry, but this requires Kerberos or LDAP
Review existing tools
Review the OAuth process of OpenLMIS
Review Apache Ranger, since it's a common data warehouse RBAC platform
Review existing open source 3rd party SSO solutions
Compare their support for OAuth, LDAP, Kerberos, etc.
Decide whether we use a separate 3rd party SSO or rely on OpenLMIS for user management