Supported Attributes

- We do not provide attributes that are only single valued: Especially Displayname

- All additional names get put into CN

- In the future offer proxy to do aggregation on behalf of SP

 

Incoming attributes will be collected and passed on untouched:

2.2.13 eduPersonUniqueId -> Only incoming

2.2.8. eduPersonPrincipalName -> Only incoming

2.2.10. eduPersonScopedAffiliation

3.4. displayName -> Via IdP (R&S)

Other outgoing attributes:

2.2.2. eduPersonEntitlement

2.2.12. eduPersonAssurance

2.2.14 eduPersonOrcid

3.2. cn (commonName)

3.3. description

3.6. givenName

3.13. mail

  3.15. mobile -> future use?

3.24. sn (surname)

  3.27. telephoneNumber  -> future use?

3.31. userCertificate

x.y IsMemberOf

Support of ssh pubkey?

Attribute Scoping

IsMemberOf and eduPersonEntitlement are both scoped to the VO using an at sign

Changes needed for eduTEAMS Identity Hub

  • Publish IdP proxy metadata for a single proxy endpoint
  • Check incoming attributes on Backend to see if we are getting enough info to be R&S compliant
  • incorporate/use discovery service

 

GAPS identified for Membership Management

  • VOOT ansible scripts
  • COmanage Ansible needs changing - Basic provisioning
  • Ansible for export script - Ansibelize script deployment
  • Ansible for MySQL database for Master ->  Slave replication
  • Loadbancers Ansible
  • Gui for connecting SP to CO
  • Gui for onboading new VO/VOadmin
    • Out of band via email intially
    • We send out an invite to the invite form
    • Validate if the user is in GEANT by calling external service.
    • If false, present a good error message.
    • Fill in form, which needs custom fields
      • Define the fields
        • Include SPs
    • Email to validate the entry
    • We ok the entry
    • Use provisioning plugin to provision into specific DB or LDAP OR better via API directly into Comanage.
  • For initilal Piot use wiki page for "form" questions + email.

Activities

  • Update wiki page on generic setup (Niels) - This week
  • Ansible scripts for Bastion host (Discuss between Simone, Kristof) (Okt 24)
  • Deploy 8 VMs (Kristof, later Mandeep) (Nov 18)
  • Setup IdPs and SPs for testing/dev. (Niels) (Okt 31) - email  if needed
  • Deploy ID HUB (Krstof/Simone) - Use as test case for VM deploment - Nov 30
  • Modify ID HUB (Niels/Rebecka) (Okt 24)
  • Discuss with COmanage (Mihaly, Slavik) (Okt 31)
  • VOOT ansible scripts (Niels) (Nov 18)
  • COmanage Ansible needs changing - Basic provisioning
    • Create Workflows (Mandeep) (Nov 1)
    • Add to deployment (depending on discussion with COManage) (Mihaly)
  • Ansible for export script - Ansibelize script deployment (Mihaly) (Ok 31)
  • Ansible for MySQL database for Master ->  Slave replication (Kristof) (Nov 18)
  • Work out provisioning plugin (Niels) (Nov 30)
  • Loadbalancers Ansible (Kristof check with Simone) (Nov 18)
  • Set up CO intake form intitally in wiki (Tangui and Mandeep) (Nov 5, + 4 weeks for response)
  • Setup onboarding either in Comanage of seperate GUI
  • Really, Really deploy. (Krisfof + Simone) - feb 1, 2017
  • No labels