CAN-06: Authenticate to one or more SP resources, SP services, and XSEDE central services
Track status in meeting:
The Globus Auth service, which provides XSEDE's Web SSO mechanism, relies on an XSEDE OIDC identity provider (IDP) to authenticate XSEDE users using their XSEDE username and password. The currently configured XSEDE IDP in Globus is weblogin.xsede.org, which is operated by the University of Chicago's Globus team.
NCSA has recently begun operating an InCommon (SAML-based) IDP for XSEDE, named idp.xsede.org. Although this InCommon IDP doesn't support OIDC, the CILogon service (also operated by NCSA) provides translation between SAML and OIDC for >400 academic institutions, and could easily do the same for XSEDE.
We need to explore our options regarding replacing weblogin.xsede.org with CILogon translating idp.xsede.org into OIDC.
There are comments for XCI-339 that can be viewed with XSEDE authentication.