Feature #15061

Updated by Peter Amstutz almost 3 years ago


# User has an account on home cluster A.
# User goes to cluster B. Instead of logging in with federated identity from cluster A, user logs into a preexisting account and/or accidentally creates a new account.
# User now has multiple accounts, but wanted only one account.
# UI should guide user to redirect/merge accounts to use the cluster A account consistently.

Proposed solution:

# When a user logs in to the home cluster, send a simple to all clusters in the federation on behalf of the user. This will cause the remote clusters to cache a record of the remote user.
# When a user logs in / creates an account on cluster B, check if there is are any cluster A user records with the same email address.
# If so, prompt the user if they want to migrate the cluster B user to the cluster A user instead.
# User logs in at cluster A and is redirected back to cluster B. The local user account is migrated (setting the user redirect to the cluster A user) the user finishes logging in.


* If the user logs in to cluster B again, the account should be automatically redirected to log in at cluster A. Unfortunately, the user will probably still have to log in twice.
* For the case where the user wants cluster B to be the home cluster but there is a remote user from cluster A in the database, provide an alternate flow that sends the user to cluster A to migrate the cluster A account to cluster B.
* This is a special case of #13651 where user accounts are identified based on matching email addresses instead of the account merge being initiated by the user.