JIRA Issue

[#XCI-339] Replace weblogin.xsede.org with CILogon and idp.xsede.org

Created: 02/26/2018  Updated: 07/12/2018

Status: Proposed
Project: XSEDE Cyberinfrastructure Integration
Component/s: CILogon, Globus Auth, XSEDE InCommon Identity Provider (IdP), XSEDE User Portal (XUP)
Fix Version/s: None

Type: Task
Priority: Normal
Reporter: Lee Liming
Assignee: Lee Liming
Resolution: Unresolved
Votes: 0

Issue Links:
relates to XCI-30 Provide InCommon Identity Provider fo... Closed
relates to XCI-317 XSEDE Web SSO Design Closed
XSEDE Priority: -
Planned Complete Date:
Public activity link: https://software.xsede.org/display/xci-339
Use Cases:
CAN-06: Authenticate to one or more SP resources, SP services, and XSEDE central services
Track status in meeting: yes


The Globus Auth service, which provides XSEDE's Web SSO mechanism, relies on an XSEDE OIDC identity provider (IDP) to authenticate XSEDE users using their XSEDE username and password. The currently configured XSEDE IDP in Globus is weblogin.xsede.org, which is operated by the University of Chicago's Globus team.

NCSA has recently begun operating an InCommon (SAML-based) IDP for XSEDE, named idp.xsede.org. Although this InCommon IDP doesn't support OIDC, the CILogon service (also operated by NCSA) provides translation between SAML and OIDC for >400 academic institutions, and could easily do the same for XSEDE.

We need to explore our options for replacing weblogin.xsede.org with CILogon, which would translate idp.xsede.org's SAML authentication into OIDC.


There are comments for XCI-339 that can be viewed with XSEDE authentication.