Project

General

Profile

Actions

Idea #15529

closed

[API] [Controller] Share user account database with a group of trusted clusters

Added by Peter Amstutz over 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Story points:
5.0
Release relationship:
Auto

Description

Multi-cluster user database

Configuration

Add Login.LoginCluster config mentioned on the Multi-cluster user database wiki

Login

  1. Instead of logging in to a local SSO provider, can designate a home cluster (cluster A) where login is always sent
  2. After logging in, user is sent to original cluster (cluster B) with a token issued by the home cluster (cluster A)
  3. Users from LoginCluster (cluster A) have extra trust on cluster B (respects admin flag)

Subtasks 1 (0 open1 closed)

Task #15552: Review 15529-federated-user-accountsResolvedPeter Amstutz08/22/2019Actions

Related issues

Related to Arvados - Idea #15477: Use email address for Arvados account linkingDuplicateActions
Related to Arvados - Feature #15531: [SDK] Migrate federation to central LoginClusterResolvedPeter Amstutz09/23/2019Actions
Related to Arvados - Feature #15530: Workbench2 trusts federation usersResolvedPeter Amstutz10/07/2019Actions
Related to Arvados - Idea #15558: [SSO] [API] Identify users by (alternate) email addressesResolvedPeter Amstutz08/22/2019Actions
Actions

Also available in: Atom PDF