Marcus Christie created AIRAVATA-2606:
-----------------------------------------
Summary: CILogon: assign users to groups based on their institution
Key: AIRAVATA-2606
URL: https://issues.apache.org/jira/browse/AIRAVATA-2606
Project: Airavata
Issue Type: New Feature
Reporter: Marcus Christie
Automatically assign users to groups in the sharing registry (or whatever
service acts as the source of truth for groups) when they come in through
CILogon, based on the institution into which they signed in.
These groups can then be utilized by the group based authorization work that is
ongoing to automatically grant authorization to users logging in through
particular institutions.
To do this I think we would need to get the access token that Keycloak gets
back from CILogon, which should be doable, Keycloak can store these and make
them available for later retrieval. These tokens can then be used to get
additional CILogon specific user information.
Nice to have: I think CILogon can also provide information on a CILogon user's
role within the institution as well (faculty, staff, student) and fetching this
and creating subgroups based on this would be desirable too.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
