XSEDE Capability Delivery Plan for "IDM-04: Login to XSEDE user portal with a non-XSEDE identity"

Use Case IDM-04: Login to a community’s user portal with an identity from another organization

Area: Account Management
URLs: Public, Review

Executive Summary: A community member needs to login to a community user portal using an identity from another organization because it’s easier than remembering a separate community username and password. (The other organization is most likely the community member’s home academic institution or employer.)

Organization: 
XSEDE
URLs: Public
First CDP: 2017-11-22
Current Implementation Status: 
Issues Remaining: 
  • Ability to specify trusted identity providers
This capability is currently supported by the following 3 components:
Component User facing? Component’s role in the capability
Globus Auth yes XSEDE’s public authentication interface, based on OpenID Connect (OIDC). Globus Auth provides the authentication interface that allows direct XSEDE authentication via 2-legged OAuth2 and indirect authentication via 3-legged OAuth2 and OIDC.
Kerberos no XSEDE’s Kerberos service, which stores all XSEDE usernames and passwords and provides simple username/password authentication.
yes The front-end (web browser-based) user interface to the XSEDE system where individuals register with XSEDE, manage their user profile information, request allocations to use XSEDE SP resources, and manage membership in projects that have active allocations.