...
- Component A - Service provider
- Component B - Bring order to chaos
- Component C - Hide my precious treasure
The components are as follows:
Component | Description | Why did we choose it? | Link |
---|---|---|---|
RCAuth | Token Translation. Used to generate X.509 certificates for access to legacy services | EU wide, sustainable infrastructure component | https://rcauth.eu |
VOMS | Attribute Authority & Membership Management. | Pre-existing. Backwards compatibility | https://italiangrid.github.io/voms/ |
EGI-Check-in | The second option for the proxy and membership management component | Implements multiple components, easier maintenance. Product used by other communities. | https://www.egi.eu/services/check-in/ |
COmanage Modules configuration
You need admin privileges to perform the following:
Select <collaboration> -> Configuration -> Pipelines -> Add Pipeline
See screenshot below for configuration settings
Select <collaboration> -> Configuration -> Organisational Identity Sources -> Add Organisational Identity Source
See screenshots below for configuration settings
Select <collaboration> -> Configuration -> Enrollment Flows -> Add Enrollment Flow
See screenshots below for configuration settings
Environment | Issuer DN |
---|---|
AARC pilot (e.g. LS AAI, WLCG) | /O=AARC/OU=AAI-Pilot/CN=AARC Simple Demo CA |
Production | /DC=eu/DC=rcauth/O=Certification Authorities/CN=Research and Collaboration Authentication Pilot G1 CA |
Select <collaboration> -> Configuration -> Provisioning Targets -> Add Provisioning Target
See screenshots below for configuration settings
Architecture
This section will provide 2 important parts:
Graphic representations of pilot architecture
Graphic representations of workflow
Lists of all components of related pilot
AARC BPA version:
Use Cases
This section should explain how this pilot works through use cases (at least 2).
...
(Here's a valid example LINK)
The user links an X.509 certificate to the user's COmanage profile, and access to the SP is granted if the user belongs to an authorized group
Select <collaboration> -> Configuration -> Enrollment Flows -> Add Enrollment Flow
<Name>, e.g. Confirm request for accessing EGI resources
<Status> => Active
<Petitioner Enrollment Authorization> => Authenticated User
<Identity Matching> => None
<Email Confirmation Mode> => None
<Terms and Conditions Mode> => Explicit Consent
<Finalization Redirect URL> => The URL of the enrollment petition to follow. In this case the enrollment to follow is the RCAuth enrollment.
See screenshots below for configuration settings
See the screenshots below for the CO Person's profile after finishing the DARIAH enrollment
Demo Videos can be found here
- User accessing Dariah service
- Expunging a user from Group Management Framework removes the user from VOMS as well
Further information
The last part contains a list of information, links or anything else related to the pilot that was not mentioned in the preceding sections.