1 / 7

SSO current status

SSO current status. 10/6/10 Area Director’s call. F low chart, presented Jan, 2008 I mpetus for SSO improvements. Easy as 1-2-3!. Fully diagrammed login and certificate set-up process, pre-Single Sign-on You can see from the flow chart that things could potentially be easy. 

aspen
Download Presentation

SSO current status

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSO current status 10/6/10 Area Director’s call

  2. Flow chart, presented Jan, 2008 • Impetus for SSO improvements Easy as 1-2-3! Fully diagrammed login and certificate set-up process, pre-Single Sign-on You can see from the flow chart that things could potentially be easy.  The most important thing I get from this in hindsight is that it was all exception driven.

  3. 9/10 services-wg call • Portal Single Sign On issue • This usually doesn't work because the user doesn't exist on the system. Other times it is just a system issue [CRLs out of date etc]. This can happen in several scenarios. Sergiu has seen the following: • RP allocations: Sometimes accounts don't automatically get created on newer machines under RP allocations. I believe this is what happened in Nancy's case and in my case. Once we got added on the machines, single sign on worked fine. • Error doesn’t indicate what needs to be done • User already has a portal account and allocations on some machines. A new machine gets added to his/her allocation. User gets approval notice from the allocations side. There is a lag between that and the account being created on the new machine. The users maybe unaware of this and try the SSO since they already have portal access. • RP site has an account activation process. I did this for TACC/Ranger/Lonestar but that was sometime ago. We can confirm w/ TACC folks if the process is the same now. • This is similar to (2). Sometimes the portal account gets mailed out to the user but the accounts on the machine itself are not setup. I know there is a turnaround period [5 days?] for RPs to create accounts but I don't know if the portal mail out waits for this [esp. if multiple sites are involved and some sites create the accounts in time].

  4. Activation processes can cause confusion • Notice about activation arrives before TG packet • Users think this is their TG SSO info • This very thing happened to a new gateway developer in the last 2 weeks • What if there were 11 different activation sites to go to? • Thought we tried to address this when we negotiated a single user responsibility form in 2003

  5. So, what remains to be done? • SSO is frequently touted as something that makes TG very easy to use • This is often a user’s first impression of TG • Need to lessen the number of scenarios where SSO doesn’t work or where steps cause more confusion • It really makes us look bad if this doesn’t work as advertised

  6. https://www.teragrid.org/web/user-support/login_quickstart • Works for 17 systems • Doesn’t work for 9 • https://www.teragrid.org/web/user-support/site_passwords

  7. Paul’s 9/22 KB additions • On the KB side, I added the NICS and TACC warnings to the following docs (using shorter IU URLs): • What's the recommended method for everyday access to the TeraGrid? (https://kb.iu.edu/data/asvw.html) • What is a TeraGrid-wide login? (https://kb.iu.edu/data/avtc.html) • On the TeraGrid, what is Single Sign-On? (https://kb.iu.edu/data/avup.html) • Why do I get an authentication error after installing Single Sign-on capability on my Unix, Linux, or Mac OS X computer? (https://kb.iu.edu/data/axsn.html) • How do I get started using the TeraGrid? (https://kb.iu.edu/data/ayrd.html) • What methods can I use to access TeraGrid resources? (https://kb.iu.edu/data/ayry.html)

More Related