XSEDE Capability Delivery Plan for "IDM-05: Link or unlink a non-XSEDE identity"
URLs: Public, Review
Executive Summary: An XSEDE user wants to link or unlink a non-XSEDE identity with their XSEDE identity. A linked identity can be used to authenticate to XSEDE instead of an XSEDE username and password.
Current CDP: 2018-08-25
No effort or changes are proposed at this time.
|Component||User facing?||Component’s role in the capability|
|Globus Auth||yes||Globus Auth is the Web Single-sign-on (Web SSO) interface for XSEDE. Globus Auth provides Web authentication by a wide variety of OpenID Connect (OIDC) identity providers, significantly including CILogon, which provides OIDC authentication via thousands of InCommon and EduGAIN SAML/Shibboleth identity providers. Having authenticated, users may link additional OIDC identities, allowing the user to authenticate via any of the linked identities. Most XSEDE Web applications, including the XSEDE User Portal (XUP), require that the user has linked his/her XSEDE OIDC identity before the user is allowed access to the application. After visiting XUP and being guided to Globus Auth, users may view their linked identities and add/remove linked identities.|
|XSEDE User Portal (XUP)||yes||The XSEDE User Portal (XUP) is XSEDE's primary website and provides the starting point for this use case. To link or unlink an identity, users first login to the XUP, then click "My Profile." On the profile page, a link labeled "Manage linked identities" take the user to Globus, where identities can be linked and unlinked.|