XSEDE Capability Delivery Plan for "CB-01: InCommon-based Authentication"
Use Case CB-01: InCommon-based Authentication
Area: Community Building
URLs: Public, Review
Executive Summary: A campus IT administrator would like researchers at his/her campus to be able to log in to XSEDE resources using InCommon-based authentication mechanisms.
First CDP: 2016-11-22
- XSEDE authentication still required
- Relationship with 3rd-party InCommon Identity Provider not established
- Web-based interface to shell window not provided
|Component||User facing?||Component’s role in the capability|
|Globus Auth||yes||Globus Auth is an identity and access management (IAM) platform service. Globus Auth relies on CILogon for InCommon SAML authentication. Globus Auth provides an OAuth (OpenID Connect) interface for integration of IAM capabilities with XSEDE-operated services, XSEDE Level 1-3 resources, and campus IT resources. Globus Auth provides the mapping between InCommon identities and XSEDE identities, authorization, group management, and accounting functions.|
|XSEDE InCommon Identity Provider (IdP)||yes||CILogon enables XSEDE users to log in using InCommon SAML authentication. CILogon is an InCommon SAML Service Provider. CILogon provides an OAuth (OpenID Connect) interface for integration with other XSEDE components (e.g., Globus Auth) and an IGTF-accredited Certification Authority for issuing certificates based on InCommon SAML authentication for use with XSEDE certificate-enabled services (e.g., GSISSH, GridFTP, UNICORE).|
|XSEDE User Portal (XUP)||yes||The XSEDE User Portal (XUP) supports InCommon-based authentication (currently via CILogon, soon via Globus Auth). The XUP also provides a frontend to the XSEDE Resource Allocation Service (XRAS), with support for InCommon-based authentication.|