...
Register your identity in the COMANGE admin interface at https://am03.pilots.aarc-project.eu/registry/
User lands to the Sign up page, either directly or indirectly
WAYF page: user selects either HO IdP (boring for us) or a Social Link page - Social IDPs -
User select Social IDPs or ORCID
User is redirected to the Sign In page of the IDP : Google Login for example
IDP proxy sends information to COMANAGE (SP) inside a SAML assertion
We have now 2 choices: LoA is enough ----> Registoration SELF-SERVICE Registration inside COMANAGE ( Self Service FLow in COMANAGE - when user coming from eduGAIN IDP )
--> IF upstream IDP supports R & S --> automatic attribute exchange
If the upstrad IDP cannot provide all attributes, or if the IDP is social ( = Affiliation Attribute is missing) --> user asked to provide himself the affiliation ( --> user asserted)
The Registration process will therefore also inform the Sponsor of the VO : " user John Smith asked for registration on the COMANAGE collaboration " )
The Sponsor user has to approve the request ( specific enrolloment process - Approval based registration within COMANAGE)
The user email shows up inside comanage - Subject Identifier retained by Google - Unique, Persistent, non-Reassignable (not the email address of google)
The connector passes this IDP to the IDP/SP proxy
The PX generated an opaque ID in Google --> Sent to COMANAGE SP the EGI-ID (proxy generated one)
COMANAGE does not store the Google ID , but the EGI SP generated one.
================================================================
Invitation based flow
================================================================
Account link