JIRA Issue

[#XCI-444] XSEDE's Web SSO for locally install applications does not require users to authenticate with XSEDE

[XCI-444] XSEDE's Web SSO for locally install applications does not require users to authenticate with XSEDE Created: 08/25/2018  Updated: 08/25/2018

Status: Proposed
Project: XSEDE Cyberinfrastructure Integration
Component/s: None
Fix Version/s: None

Type: XCI Documentation Priority: Major
Reporter: Lee Liming Assignee: Unassigned
Resolution: Unresolved Votes: 0

XSEDE Priority: -
Public activity link: https://software.xsede.org/display/xci-444
Devel Repository:
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions Status
<Activity Lead Name – Last, First> 6 six weeks of effort to lead and implement the activity (required) none
<User Doc Drafter – Last, First> 0.2 one day of effort to draft user documentation (required ) none
TBD (tester) 1 one week of effort to test the software none
... ... .. none
Due by Activity Deliverable
DSR Design document*
TRR Implemented Software Capability
TRR Other type of deliverable
TRR Deployment plan*
TRR Test plan*
TRR User documentation*
TRR (post) TRR Baseline* (Shava)
Deployment Deployment Baseline* (Shava)
Deployment Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Lead Tester: Shava Smallen Shava Smallen


Use case IDM-07 describes a locally installed application asking the user to authenticate using his/her XSEDE username and password. The current capability delivery plan (CDP) for this use case recommends using Globus Auth's native application feature to accomplish this.  This solution has the following properties.

  • Users can certainly authenticate with XSEDE when prompted by the application, but they can also authenticate using other identity providers if they prefer.
  • The application can require that the user be registered with XSEDE, in which case the application will receive the user's XSEDE username and profile data, regardless of which identity provider the user chooses to authenticate with.
  • This solution does not currently allow applications to require that the user authenticate with a specific identity provider (in this case, XSEDE).

Globus has recently added features to Globus Auth that can allow applications to require users to authenticate with a specific identity provider. But XSEDE has not yet integrated this into its solution for locally installed applications.


There are comments for XCI-444 that can be viewed with XSEDE authentication.