Idea #12945: Document and test identity provider migration for user accounts - Arvados

Actions

Copy link

Idea #12945

closed

Document and test identity provider migration for user accounts

Added by Tom Morris over 6 years ago. Updated about 6 years ago.

Status:

Duplicate

Priority:

Normal

Assigned To:

Category:

Target version:

Start date:

Due date:

Story points:

0.5

Description

Below is a sketch of the implementation to be tested and documented:

It is possible to change authentication providers for a user account. Examples:

A user’s account is attached to Google account person@old.example.com, but the user now wishes to log in with Google account person@new.example.com instead.
A user used to log in with LDAP authentication, but now wishes to log in with Google account person@new.example.com instead.

Currently, it is only possible for an administrator to make this change.
Procedure:

Determine the user’s existing UUID.
Clear the identity_url field of the existing user record.

Add a Link object with the following attributes:

{
  "link_class":"permission",
  "name":"can_login",
  "tail_uuid":"person@new.example.com",
  "head_uuid":"aaaaa-tpzed-abcdefghijklmno",
  "properties":{
    "identity_url_prefix":"https://www.google.com/" 
  }
}

*Have the user log in using their person@new.example.com Google account.

Related issues

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Arvados

Custom queries

Idea #12945

Document and test identity provider migration for user accounts

Updated by Tom Morris over 6 years ago

Updated by Tom Morris over 6 years ago

Updated by Tom Clegg over 6 years ago

Updated by Tom Clegg over 6 years ago

Updated by Tom Morris about 6 years ago