XSEDE Capability Delivery Plan for "IDM-07: Login to a locally installed application with XSEDE username/password"

Use Case IDM-07: Login to a locally installed application with a community identity

Area: Account Management
URLs: Public, Review

Executive Summary: A community member needs to login to a locally installed application (a command line program, graphical desktop application, or mobile application) using his/her community identity, such that the application can securely interact with community services on behalf of the user.

First CDP: 2018-08-25
Current CDP: 2018-08-25
Current Implementation Status: 
Issues Remaining: 
Time & Effort Summary: 

No effort or changes are proposed at this time.  A solution for XCI-444 may be available in the near future, but we do not recommend attempting to integrate it now as there are no known applications that require this feature.

This capability is currently supported by the following 1 components:
Component User facing? Component’s role in the capability
Globus Auth yes Globus Auth is XSEDE's Web Single-sign-on (Web SSO) service. It provides an OpenID Connect (OIDC) interface that allows users to authenticate using OIDC identity providers, significantly including XSEDE's identity provider (XSEDE usersnames/passwords) and CILogon, which maps credentials from thousands of InCommon and EduGAIN academic institutions. Locally installed applications can also use Globus Auth to authenticate users. Application developers can use Globus Auth's "native application" client feature. The application will receive the user's OIDC token with identity information supplied by the user's identity provider. Applications can also require that users must register with XSEDE, in which case the application will receive the user's XSEDE username and user profile data in the OIDC token.