[XCI-496] SSH with OAuth (OIDC/OAuth SSH service and client) Created: 10/29/2018 Updated: 12/08/2021
|Project:||XSEDE Cyberinfrastructure Integration|
|Component/s:||Globus Auth SSH|
|Fix Version/s:||PY8 (Sep '18 - Aug '19), PY9 (Sep '19 - Aug '20)|
|Type:||XCI New Capability||Priority:||Normal|
|Reporter:||Lee Liming||Assignee:||Lee Liming|
Campus Resource Operators, XSEDE Enterprise Services, XSEDE Service Providers
RACD Integration Services, RACD Security
|Use Case Priority:||High|
|Public activity link:||https://software.xsede.org/display/xci-496|
CAN-04: Open a command shell on a login server (web browser), CAN-06: Authenticate with an application, CB-08: Use a community login service with campus login servers, DA-02: Prepare data for analysis, DA-03: Analyze data from research instruments, DA-04: Analyze data generated by a simulation, DA-05: Steer a large computation while it runs, HPC-01: Use a single HPC resource for a research project, HPC-02: Use two or more HPC resources for a research project, HTC-01: Run a set of independent jobs on an HTC resource, HTC-02: Run a set of interrelated jobs on an HTC resource, IDM-14: SSH access using a community identity for education, VIS-01: Visualize research data using streaming video, VIS-02: Visualize research data using streaming geometry data, VIS-03: Generate visualization data for later viewing, VIS-04: Visualize and steer a simulation running on a remote resource, VIS-05: Visualize a simulation as it runs on a remote resource
|Effort and Costs:||
NOTE: Effort for TRR deliverables will be tracked separately in sub-task activities.
( * ) Click on "Deliverables" tab for URL.
( ** ) See linked issues for details & deliverables.
|Planned Launch Date:|
|Actual Launch Date:|
|Planned Design Review Date:|
|Planned Test Readiness Review Date:|
|Planned Complete Date:|
This activity will prepare and test OAuth-SSH for use by XSEDE SPs and a new or updated XSEDE SSO Hub, based on the final release of OAuth-SSH. OAuth-SSH is SSH using OpenID Connect (OIDC) authentication and OAuth 2.0 access tokens. This is the authentication used by XSEDE's Web SSO service.
When Globus announced its end-of-support for the Globus Toolkit, that included GSI-OpenSSH, which is SSH based on X.509 authentication. Most XSEDE SPs and the XSEDE SSO Hub use GSI-OpenSSH for their SSH (remote login) services. While support for GSI-OpenSSH may continue via open source community contributions, we are exploring other options for the future of XSEDE's SSH services.
There are comments for XCI-496 that can be viewed with XSEDE authentication.