Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Register your identity in the COMANGE admin interface at  https://am03.pilots.aarc-project.eu/registry/

 

User lands to the Sign up page, either directly or indirectly

WAYF page: user selects either HO IdP (boring for us) or a Social Link page - Social IDPs - 

User select Social IDPs or ORCID

User is redirected to the Sign In page of the IDP :   Google Login for example

IDP proxy sends information to COMANAGE (SP) inside a SAML assertion

We have now 2 choices:  LoA is enough  ---->   Registoration SELF-SERVICE Registration inside COMANAGE  ( Self Service FLow in COMANAGE - when user coming from eduGAIN IDP )

 -->  IF upstream IDP supports R & S  --> automatic attribute exchange  

If the upstrad IDP cannot provide all attributes, or if the IDP is social (  = Affiliation Attribute is missing) --> user asked to provide himself the affiliation ( --> user asserted)

The Registration process will therefore also inform the Sponsor of the VO :  " user John Smith asked for registration  on the COMANAGE collaboration " )

The Sponsor user has to approve the request ( specific enrolloment process - Approval based registration within COMANAGE)

The user email shows up inside comanage  -   Subject Identifier retained by Google - Unique, Persistent, non-Reassignable (not the email address of google)

The connector passes this IDP to the IDP/SP proxy 

The PX generated an opaque ID in  Google --> Sent to COMANAGE SP  the EGI-ID (proxy generated one) 

COMANAGE does not store the Google ID , but the EGI SP generated one.

 

 

 

================================================================

Invitation based flow

================================================================

Account link