CTA Pilot Description
CTA is a community of astrophysics users that already had its own AAI solution in place. For AARC it is therefore a very good example of how to address the needs of a community that has already developed an AAI, in their case based on a stand-alone, catch-all SAML Identity Provider integrated with a group management tool used for authorization on selected service providers.
...
Although this pilot proposes a solution for the CTA community, the high flexibility of its components allows the configuration to be changed, so any scientific community that needs this solution can adapt it to fit its own authentication and authorization needs.
Pilot Implementation phases
While onboarding the CTA community, two main streams of work were designed and implemented to reach the desired AAI model (based on a central proxy and a community Attribute Authority, COmanage):
...
The first step implemented in this phase of the pilot is the integration of COmanage and Grouper. Grouper is a group management tool used by the CTA community to manage authorization when connecting to their Service Providers. One of CTA's requirements is to keep using this tool as a front end to their services. COmanage is a comprehensive Attribute Authority that manages the enrollment of users via their IdPs through different configurable workflows. For CTA, user self-enrollment via a moderator admin user has been implemented.
CTA pilot Architecture