Dear All,

let me introduce our OpenNebula Sunstone-SimpleSAMLphp integration solution: http://ssp-for-opennebula.sztaki.hu/

And here is the corresponding patch in the issue tracker: http://dev.opennebula.org/issues/1731

In a nutshell, with this solution we can use our SAML-based institutional Single Sign-On system for delegating resources in our cloud. When a user accesses the Sunstone frontend for the first time, their user gets created within nebula. Based on an entitlement, he/she will be put in an OpenNebula group that was created with certain quotas for a project or department by us, the administrators. Users can participate in many groups, in which case they have to choose their group for each session. Unfortunately nebula does not support multiple group membership, so we move these users each time using the auth module.

Now we have this workflow to grant access to our cloud:

- A bunch of people request resources from the cloud for their fancy project. We call this bunch of people a Virtual Organization.
- We create a nebula group for them with quotas.

In our VO software we entitle some of these people to be VO managers. Then they can invite, remove others, etc. People from other institutes in the national/European SAML federations can also be invited. But all this happens outside nebula, so we only have to create the group and that's it. Moreover, they can get e.g. their own trac or wiki that are also SAML-enabled and attached to the VO. They can then use Single Sign-On between them.

Anyway, this patch and the corresponding simpleSAMLphp modules made our lives much easier. We hope it will help some of you out there as well. Unfortunately, because of the nature of the task, many smaller changes scattered around the web code needed to be made, e.g. for disabling the normal login screen, etc. But this is not core stuff, so we hope our patch can make it one day into the main code base.

If you have any questions/suggestions, don't hesitate to contact us!

Cheers,
Mihály Héder, Milán Unicsovics
MTA SZTAKI ITAK
