Gilly Architecture

Gilly is a lightweight plugin/app which runs inside confluence, and communicates with EduBrite microsite to fetch all the data from LMS. 

Communication

Gilly requires connectivity to the EduBrite microsite. Connectivity can be direct or via proxy from the confluence instance. All communication are initiated by Gilly (only outbound from Confluence). These communications are done using HTTP protocol. While configuring Gilly, you need to set Url of the microsite to which it will connect, and API username and password. These details are provided inside the microsite. 

Encryption

Gilly provides an option to use encryption for all the data sent from the microsite to the plugin, and some data encryption on data sent by plugin to the microsite. The encryption is done using asymmetric key cryptography utilizing RSA 1024 bit keystore to create public and private keys and a 128 bit secret key (symmetric). The data is encrypted using the secret key by both Gilly and EduBrite, and the secret key is sent to other party via Http headers by encrypting them using the public key of the other party. This way only the intended party can decrypt the secret key which is required to do the data decryption.

Monitoring

All API calls made by Gilly are tracked and statistics on counts of calls, errors, timings etc are kept in memory, and they can be viewed using Gilly's settings page. 

User and Groups

Gilly provides a way to push the user and group information from Confluence to the microsite via UI. You can choose to push the selected users and groups in this manner. If you don't like to do this, Gilly also has ability to auto create the user in microsite with the same username as confluence's user name when any user tries to access Gilly first time. This behavior can be disabled in microsite. Gilly does not transfers passwords of the users to microsite, only first name, last name, email and username is passed to microsite. Users which get created in microsite in this manner have no password, so they cannot directly login to the microsite, without using Gilly. However microsite admin can set a password for them if needed to allow access without Gilly.

Single Sign On

Gilly establishes an API session upon initialization, and the API session cookie is maintained in memory by Gilly. This API session is used for subsequent requests. When any user tries to access Gilly (e.g. opens training dashboard), Gilly makes an API call to the microsite and passes the current username of confluence user in the http header along with the actual api request parameters. Microsite authorizes the request based on the API session cookie, and uses the username from the header to initialize the user session in the microsite.