CTA Pilot Description
The goal of this pilot is to provide a non-invasive solution to simplify access to CTA services from eduGAIN and the CTA community.
...
A long-term goal of this pilot is to move the CTA community from a stand-alone AAI solution based on an IdP to a fully federated one.
...
Although this pilot proposes a solution for the CTA community, its components are highly flexible and configurable, so any scientific community that needs this solution can adapt it to its own authentication and authorization needs.
Pilot Implementation phases
While onboarding the CTA community, to reach the desired AAI model (based on a central proxy and a community Attribute Authority (COmanage)), two main streams of work have been designed and implemented:
A) Provisioning into COmanage of the CTA IDs that already exist in the CTA catch-all Identity Provider
To provision the IDs of already existing CTA users into COmanage, we have made use of a temporary LDAP server and the LDAP user provisioning plugin of COmanage.
B) Model and implement an enrollment workflow for eduGAIN users (not already inside the CTA IdP) - Functional integration of COmanage
The first step implemented in this phase of the pilot is the integration of COmanage and Grouper. Grouper is a group management tool used by the CTA community to manage authorization when connecting to their Service Providers. One of the requirements for CTA is to keep using this tool as a front end to their services. COmanage is a comprehensive Attribute Authority that manages the enrollment of users via their IdPs through different configurable workflows. For CTA, user self-enrollment via a moderator admin user has been implemented.
This part describes the pilot's test phase, emphasizing progress and results.
...
Have you achieved your goals?
Any planned improvements for future releases?
...
CTA pilot Architecture