Feature #1405

BlueBRIDGE - Project WP #629: WP4 - VREs Deployment and Operation [Months: 1-30]

BlueBRIDGE - Project Task #630: T4.1 BlueBRIDGE Infrastructure Operation [Months: 1-30]

Enable Federated login on services and iMarine Gateways

Added by Massimiliano Assante almost 4 years ago. Updated 10 months ago.

Status:ClosedStart date:Nov 17, 2015
Priority:LowDue date:Nov 27, 2015
Assignee:Massimiliano Assante% Done:

100%

Category:portlets-user
Sprint:zz - Federated Login on D4Science Gateways
Milestones:
Duration: 9

Description

The federated login should be enabled on services and iMarine Gateways, in particular the INFN of Catania should be added as Federated authority


Related issues

Related to gCube - Feature #1339: Provide Solution for SAML2.0 Authentication into gCube Po... Closed Nov 11, 2015 Nov 30, 2015
Related to gCube - Feature #1652: Shibboleth Discovery Service to display Label instead of ... Closed Dec 01, 2015 Dec 11, 2015

History

#1 Updated by Massimiliano Assante almost 4 years ago

  • Related to Feature #1339: Provide Solution for SAML2.0 Authentication into gCube Portal added

#2 Updated by Massimiliano Assante almost 4 years ago

  • Estimated time set to 16.00
  • Status changed from New to In Progress
  • Due date changed from Nov 20, 2015 to Nov 27, 2015

We have a solution (in place and working) for SAML2.0 / Shibboleth implementation into the gCube portal implemented by ENG in iMarine.

We use it for https://social.isti.cnr.it and we federated our institute (ISTI) identity provider to the D4Science Service provider running on https://sp.d4science.org/casshib/shib/app2/login (2-3 years ago)

We never enabled it for the other D4Science gateways because until now we never had another request by any other institute. However since the INFN of Catania requested SAML it should be enabled.

#3 Updated by Massimiliano Assante almost 4 years ago

I was able, by following the wiki guide made by @ciro.formisano@eng.it for iMarine in WP5 to install the shibboleth-ds rpm (iMarine Custom Discovery Service) on the D4Science service provider VM (sp.d4science.org)

I also configured Liferay (of dev.d4science.org) to use CASShib. Now, in the case of unique Idp I am able to login (with the ISTI dip), when I switch to multi iDP instead it get redirected to the iMarine Custom Discovery Service (https://sp.d4science.org/shibboleth-ds/index.html) but I get a blank page and no error in the tomcat logs.

I looked at the WIKI here: https://wiki.gcube-system.org/gcube/Shibboleth_and_gCube#Discovery_Service and I saw that I miss the configurations needed for loading the trusted IdPs ('/casshib/shib/app2/Shibboleth.sso/DiscoFeed')

Can anybody help with this? @ciro.formisano@eng.it ? Perhaps I'm getting a blank page because I miss the DiscoFeed file?

#4 Updated by Massimiliano Assante almost 4 years ago

  • Related to Project Task #630: T4.1 BlueBRIDGE Infrastructure Operation [Months: 1-30] added

#5 Updated by Massimiliano Assante almost 4 years ago

  • Status changed from In Progress to Feedback

#6 Updated by Massimiliano Assante almost 4 years ago

  • Assignee changed from Massimiliano Assante to Ciro Formisano
  • Status changed from Feedback to In Progress

#7 Updated by Massimiliano Assante almost 4 years ago

Ciro is looking at the problem we have for the multi iDP federation

#8 Updated by Massimiliano Assante almost 4 years ago

  • % Done changed from 0 to 50

The problem with the Discovery Service not being displayed was solved by @ciro.formisano@eng.it , now we need to fill it with the federated institutes.

Also, the main page of the Discovery service (D4Science) has been themed for the D4Science Infrastructure (https://sp.d4science.org/shibboleth-ds/index.html)

#9 Updated by Massimiliano Assante almost 4 years ago

  • % Done changed from 50 to 70
  • Assignee changed from Ciro Formisano to Massimiliano Assante

Discovery Service is ready, it can be accessed from http://dev.d4science.org and clicking on SAML Federation, we need to contact INFN Catania for creating the trust between our Service Provider and their Identity Provider. The Trusting of IDP Isti is already set and works.

#10 Updated by Massimiliano Assante almost 4 years ago

  • % Done changed from 70 to 100
  • Status changed from In Progress to Resolved

http://services.d4science.org is enabled for federated login.

#11 Updated by Massimiliano Assante almost 4 years ago

  • Related to Feature #1652: Shibboleth Discovery Service to display Label instead of EntityID URL added

#12 Updated by Massimiliano Assante almost 4 years ago

  • Blocked by Task #1659: Federated and Classic Login cannot "live" together added

#13 Updated by Massimiliano Assante almost 4 years ago

  • Status changed from Resolved to In Progress

#14 Updated by Massimiliano Assante almost 4 years ago

  • % Done changed from 100 to 80
  • Status changed from In Progress to Paused

#15 Updated by Massimiliano Assante over 3 years ago

  • Priority changed from High to Low

#16 Updated by Gabriele Giammatteo over 3 years ago

  • Related to deleted (Project Task #630: T4.1 BlueBRIDGE Infrastructure Operation [Months: 1-30])

#17 Updated by Gabriele Giammatteo over 3 years ago

  • Parent task set to #630

#18 Updated by Massimiliano Assante 10 months ago

  • % Done changed from 80 to 100
  • Status changed from Paused to Closed

The d4science.org service provider is now a Service Provider (Via SAML2) for the EGI AAI Federation https://support.d4science.org/issues/3256

#20 Updated by Massimiliano Assante 10 months ago

  • Blocked by deleted (Task #1659: Federated and Classic Login cannot "live" together)

Also available in: Atom PDF