Versions Compared

Old Version 9

changes.mady.by.user Nicolas Liampotis

Saved on

compared with

New Version 10

changes.mady.by.user Nicolas Liampotis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add details to user workflow

...

  • a unique, persistent, non-reassignable user identifier (namely AARC ID, expressed as an eduPersonUniqueId attribute scoped at "@aarc-project.eu");
  • assurance level (expressed as an eduPersonAssurance attribute);
  • community membership roles and groups (expressed through eduPersonEntitlement attribute values). 

...

   
1.Access OpenStack's Dashboard (Horizon) at https://am02.pilots.aarc-project.eu/horizon
2.

Click Connect and select your Identity Provider from the discovery page (WAYF). You may select any of the following options:

  • Institutional IdP: AARC DIY Identity Provider (considered an institutional IdP for demo purposes only)
  • Social IdPs: Facebook, Google, LinkedIn
  • ORCID
3.Enter your login credentials to authenticate yourself with the IdP of your Home Organisation (e.g. Google)
4.After successful authentication, you may be prompted by your Home Organisation to consent to the release of personal information to the EGI AAI Service Provider Proxy 
5.On the EGI AAI Consent about releasing personal information page, click Yes, continue to consent to the release of personal information to the EGI User Account Registry. If you select the Remember option, your browser will remember your choice unless you clear your cookies or restart the browser.
6.

If this is your first time logging in, you will be redirected to the AARC Pilot User Community Sign Up page after successful authentication. Alternatively, you may access the sign up page directly by visiting:

https://aai-dev.egi.eu/join-aarc

7.

Depending on the LoA and/or attributes released by your Home IdP, there are two sign up workflows:

  1. If the LoA is substantial and all required attributes are released: Self-service Sign Up (typically for users coming from eduGAIN IdPs, or the AARC DIY Identity Provider for the purpose of this demo)
  2. If the upstream IdP cannot provide all attributes, or the LoA is low: Approval-based Sign Up. For example, in the case of Social IdPs the Affiliation Attribute will be missing; thus, you will be asked to provide any missing attribute values yourself.

Image Added

Image Added

8.On the registration form, click Review Terms and Conditions 
9.If you agree to the Terms of Use, select the I Agree option. Important: You will not be able to agree to the terms until you review them! 
10.Finally, click Submit to submit your request. Important: You will not be able to submit your request until you agree to the terms!Image Added
11.After submitting your request, you will receive an email with a verification link in it. After you click that link, you'll be taken to the request confirmation page.Image Added
12.After reviewing your request, click Confirm and re-authenticate yourself using the Identity Provider you selected in Step 2.Image Added
138.

If your sign up request requires approval (second workflowsee Step 7), the Sponsors Sponsor(s) of the VO will be notified via email. You will need to wait for a Sponsor to approve your request to join the AARC Pilot User Community. Upon approval, you will receive a notification email.

Image Added
914.One of the Sponsor users has to approve your request via the COmanage Registry

After your registration has been completed, you can manage your profile through the Account Registry portal at https://aai-dev.egi.eu/registry

Image Added

10.

After approval, your account will be activated in COmanage -  Subject Identifier retained by Google - Unique, Persistent, non-Reassignable (not the email address of google)

 
15.11.

Relogin to OpenStack's dashboard at https://am02.pilots.aarc-project.eu/horizon

 12

.

You will be mapped to a Keystone user group based on the values of the eduPersonEntitlement attribute

Image Added