JIRA Issue

[#XCI-452] Globus Auth does not support SSH or X.509 credentials extension grant types

[XCI-452] Globus Auth does not support SSH or X.509 credentials extension grant types Created: 09/05/2018  Updated: 10/04/2019

Status: Proposed
Project: XSEDE Cyberinfrastructure Integration
Component/s: None
Fix Version/s: None

Type: XCI Documentation Priority: Major
Reporter: Lee Liming Assignee: Unassigned
Resolution: Unresolved Votes: 0

XSEDE Priority: 0
Public activity link: https://software.xsede.org/display/xci-452
Devel Repository:
Use Cases:
IDM-08: Login to a locally installed application with an SSH/X.509 key
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions Status
<Activity Lead Name – Last, First> 6 six weeks of effort to lead and implement the activity (required) none
<User Doc Drafter – Last, First> 0.2 one day of effort to draft user documentation (required ) none
TBD (tester) 1 one week of effort to test the software none
... ... .. none
Due by Activity Deliverable
DSR Design document*
TRR Implemented Software Capability
TRR Other type of deliverable
TRR Deployment plan*
TRR Test plan*
TRR User documentation*
TRR (post) TRR Baseline* (Shava)
Deployment Deployment Baseline* (Shava)
Deployment Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Lead Tester: Shava Smallen Shava Smallen


Use case IDM-08 describes a user authentication with an application using an SSH key or an X.509 certificate that has previously been registered with XSEDE and obtaining an OAuth2 access token that can be used with REST APIs.  Since the goal is to obtain an OAuth2 token, Globus Auth (XSEDE's Web SSO service) would be the obvious choice.  However, Globus Auth does not support credential extensions for SSH keys or X.509 certificates, which is required for this to work.