Idea #15529: [API] [Controller] Share user account database with a group of trusted clusters - Arvados

Idea #15529

Updated by Peter Amstutz over 4 years ago

[[Multi-cluster user database]] 

 h2. Configuration 

 Add Login.LoginCluster config mentioned on the [[Multi-cluster user database]] wiki 

 h2. Login 

 # Instead of logging in to a local SSO provider, can designate a home cluster (cluster A) where login is always sent 
 # After logging in, user is sent to original cluster (cluster B) with a token issued by the home cluster (cluster A) 
 # Users from LoginCluster (cluster A) have extra trust on cluster B (respects admin flag) 

 h2. UserGet / UserUpdate APIs 

 In controller, when requesting or updating a user uuid, proxy the request to the master cluster -- i.e., the cluster whose ID matches the user UUID prefix.

Back

Project

General

Profile

Arvados

Idea #15529