Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "VT AAI"

From EGIWiki
Jump to navigation Jump to search
Line 70: Line 70:
|-
|-
|LIP
|LIP
|
|Openstack Icehouse
|
|
|-
|-

Revision as of 09:07, 24 October 2014


Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security



Coordinator: Peter Solagna/EGI.eu

Meetings page

Mailing list:


Overview

This wiki page contains the information about a proof of concept to enable SAML credentials on EGI services. This task is a joint activity between SURFnet and EGI.

Motivation

The goal of this activity is to use federated identity credentials, specifically SAML ones, directly in the services without using any X509 credential to bridge to EGI services. The main objective is to demonstrate that user communities can manage independently user membership and user authorization on the services in a coordinated way, with a similar workflow as it is done now with the VOMS services. The goal of this activity is not to deploy production services, but to test the technical feasibility of the integration of SAML technology in the EGI services, maintaining the features that user need to manage their communities in a distributed infrastructure.


Mandate

The working group will test the technical services from October to December 2013. At the end of this period a short report with the outcomes and the technical suggestions will be prepared and potentially attached to the EGI-InSPIRE deliverables.

Objectives

  • Connect cloud services to the SURFnet OpenConext service to retrieve SAML assertions containing user identities and attributes that describe the user capabilities.
  • Cloud stacks to be integrated:
    • OpenNebula
    • OpenStack
    • Synnefo
  • Connect attribute providers to OpenConext
  • Test the feasibility of solutions not including the aggregator (OpenConext)

Milestones/Timeline

Members

Currently the following sites are participating to the proof of concept:

  • INFN-Bari
  • LIP
  • CESNET
  • NGI_SI
  • Okeanos/GRNET

Identity providers, and attribute providers:

  • SURFnet, OpenConext

How to Join

Contact: peter.solagna@egi.eu

Technical Information

Summary of the technical information gathered by the working group.

Metadata of service providers and identity providers

Service providers

Service provider Cloud stack Link to metadata
INFN-Bari Openstack Icehouse
CESNET OpenNebula 4.x
LIP Openstack Icehouse
Okeanos/GRNET
NGI_SI
RENAM

Identity providers

IdP Protocol Link to metadata
OpenConext
EGI SSO Shibboleth IdP 2.3.8 https://www.egi.eu/idp/shibboleth
HEXXA

Cloud stack configuration tips

OpenStack

OpenNebula

See SSP for OpenNebula at MTA SZTAKI

References