JIRA Issue

[#XCI-196] Deliver XSEDE user to OAuth identity mappings

[XCI-196] Deliver XSEDE user to OAuth identity mappings Created: 09/06/2017  Updated: 01/21/2021  Resolved: 01/09/2020

Status: Closed
Project: XSEDE Cyberinfrastructure Integration
Component/s: AMIE, Globus Auth, XSEDE Central Database (XCDB)
Fix Version/s: PY8 (Sep '18 - Aug '19), PY9 (Sep '19 - Aug '20)

Type: XCI Enhanced Capability Priority: Critical
Reporter: JP Navarro Assignee: Shava Smallen
Resolution: Done Votes: 1

Attachments: JPEG File 1107charlie_brown_lucy_football.jpg     HTML File README-install-userguide-deployment     Text File gridmap_testing.log     Text File mapfile.txt     Text File output.txt     HTML File spec     File xci-196-mapfile.py     File xci-globusmapfile_allow_dups.py     Text File xci-globusmapfile_allow_dups.txt     File xci196mapfile.py     Text File xsede_user_mapfile_test.log    
Issue Links:
Associated bugs and stories
associated with A3M-162 Implement XDCDB API to support work o... Closed
associated with XCI-793 Get xsede-oauth-mapfile ready for rel... Closed
associated with XCI-437 Evaluate Globus Auth SSH Beta Closed
associated with XCI-437 Evaluate Globus Auth SSH Beta Closed
Meeting Action Item
is meeting action item from XCI-216 RACD Planning Meeting - September 14,... Completed
XCI Deliverable
is deliverable of XCI-826 Deliver Globus Connect Server (GCS) v... Closed
is deliverable of XCI-496 SSH with OAuth (OIDC/OAuth SSH servic... Design Review
Target Operator:
XSEDE Community Infrastructure, XSEDE Enterprise Services, XSEDE Service Providers
XSEDE Priority: -
XSEDE Areas:
RACD Security
Discussion Thread: https://software.xsede.org/discussion-forums/xci-196-deliver-xsede-user-oauth-identity-mappings
Public activity link: https://software.xsede.org/display/xci-196
Devel Repository:
Use Cases:
CAN-01: Run a remote job, CAN-02: Managed data transfer, CAN-04: Open a command shell on a login server (web browser)
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions Status
Basney, Jim 0.6 Lead and implement the activity none
Liming, Lee 0.2 Design and assist with documentation none
Shapiro, Michael 0.6 Implement XCDB API none
Arnold, Galen 0.4 Implement mapping download/install/distribute functionality none
TBD (tester) 0.2 one week of effort to test the software none
... ... .. none
Due by Activity Deliverable
DSR Design document*
TRR Implemented Software Capability
TRR Deployment plan*
TRR Test plan*
TRR User documentation*
TRR (post) TRR Baseline* (Shava)
Deployment Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Planned Launch Date:
Actual Launch Date:
Planned Design Review Date:
Actual Design Review Date:
Actual Test Readiness Review Date:
Planned Complete Date:
Actual Complete Date:
Activity Lead: Jim Basney Jim Basney
Lead Tester: Shava Smallen Shava Smallen
Christopher Irving
Design Document: https://software.xsede.org/svn/xci/activities/xci-196/trunk/Deliverables/XCI-196-Design.pdf
Test Plan: https://software.xsede.org/svn/xci/activities/xci-196/trunk/Testing/xci-196-test-plan.txt
Test Readiness Review: https://software.xsede.org/technical-review/xci-196-deliver-xsede-user-oauth-identity-mappings-test-readiness-review
Installation Guide: https://software.xsede.org/development/globus-oauth-mapfile/INSTALL
Test Report: https://docs.google.com/document/d/1qG30caysYSoS3eaLbjrjlu6M_TJ4bhHeNXBMZU6ioqo/edit?usp=sharing
Repository Package Name: xsede-user-mapfile
Repository Package URL: https://software.xsede.org/development/globus-oauth-mapfile/


Part of the Globus Toolkit de-support announcement includes retiring authenticating users to remote services using user X.509 credentials. Currently XSEDE provides SPs user X.509 credential information for mapping to local SP accounts in GridFTP and GSI OpenSSH. This activity will identity how XSEDE can map new OAuth global identity to SP accounts and what components will be changed and to implement those mappings. Implementation will likely include building an interface for extracting XSEDE to local account mappings from XCDB, and tools for downloading and installing those mappings on individual resources. This activity may spin off other activities to enhance components that implement these mappings. This activity will not retire the existing user X.509 identity mapping process


There are comments for XCI-196 that can be viewed with XSEDE authentication.