Executive Summary: A community member needs to login to a locally installed application (a command line program, graphical desktop application, or mobile application) using his/her community identity, such that the application can securely interact with community services on behalf of the user.
No effort or changes are proposed at this time. A solution for XCI-444 may be available in the near future, but we do not recommend attempting to integrate it now as there are no known applications that require this feature.
|Component||User facing?||Component’s role in the capability|
|Globus Auth||yes||Globus Auth is XSEDE's Web Single-sign-on (Web SSO) service. It provides an OpenID Connect (OIDC) interface that allows users to authenticate using OIDC identity providers, significantly including XSEDE's identity provider (XSEDE usersnames/passwords) and CILogon, which maps credentials from thousands of InCommon and EduGAIN academic institutions. Locally installed applications can also use Globus Auth to authenticate users. Application developers can use Globus Auth's "native application" client feature. The application will receive the user's OIDC token with identity information supplied by the user's identity provider. Applications can also require that users must register with XSEDE, in which case the application will receive the user's XSEDE username and user profile data in the OIDC token.|