
Supported Attributes

- We do not provide attributes that are only single-valued, especially displayName

- All additional names get put into CN

- In the future, offer a proxy to do aggregation on behalf of the SP

 

Incoming attributes will be collected and passed on untouched:

2.2.13. eduPersonUniqueId -> Only incoming

2.2.8. eduPersonPrincipalName -> Only incoming

2.2.10. eduPersonScopedAffiliation

3.4. displayName -> Via IdP (R&S)

Other outgoing attributes:

2.2.2. eduPersonEntitlement

2.2.12. eduPersonAssurance

2.2.14. eduPersonOrcid

3.2. cn (commonName)

3.3. description

3.6. givenName

3.13. mail

3.15. mobile -> future use?

3.24. sn (surname)

3.27. telephoneNumber -> future use?

3.31. userCertificate

x.y IsMemberOf

Support of SSH pubkey?

Attribute Scoping

IsMemberOf and eduPersonEntitlement are both scoped to the VO using an at sign (@)

Changes needed for eduTEAMS Identity Hub

  • Publish IdP proxy metadata for a single proxy endpoint
  • Check incoming attributes on the backend to see if we are getting enough info to be R&S compliant
  • Incorporate/use discovery service

 

Gaps identified for Membership Management

  • VOOT ansible scripts
  • COmanage Ansible needs changing - Basic provisioning
  • Ansible for export script - Ansible-ize script deployment
  • Ansible for MySQL database for Master -> Slave replication
  • Load balancers Ansible
  • GUI for connecting SP to CO
  • GUI for onboarding new VO/VOadmin
    • Out of band via email initially
    • We send out an invite to the invite form
    • Validate if the user is in GEANT by calling external service.
    • If false, present a good error message.
    • Fill in form, which needs custom fields
      • Define the fields
        • Include SPs
    • Email to validate the entry
    • We ok the entry
    • Use provisioning plugin to provision into specific DB or LDAP, or better, via API directly into COmanage.
  • For initial pilot use wiki page for "form" questions + email.