**This is an old revision of the document!**
Federated Identity with Globus ID
Globus ID (Globus ID) is an identity provider operated Globus.org, a cloud based bulk data transfer solution used by AHPCC. A Globus ID account is required to use the Globus data transfer system, which is the recommended solution for Moving Data. The same Globus ID account can be used to log into AHPCC clusters. Globus ID's are free to create and can be linked to multiple identities, including those from schools with a membership in InCommon federation.
Using Globus ID to log into AHPCC
oauth-ssh client is needed to authorized a host machine to connect to the AHPCC cluster using a Globus ID. The oauth-ssh is a python package that can be installed using pip:
[pawel@frontdesk ~]$ pip3 install oauth-ssh Defaulting to user installation because normal site-packages is not writeable Collecting oauth-ssh Using cached oauth_ssh-0.14-py2.py3-none-any.whl (15 kB) Collecting click<8,>=7.0 Using cached click-7.1.2-py2.py3-none-any.whl (82 kB) Requirement already satisfied: requests<3,>=2.5.0 in /usr/local/lib/python3.6/site-packages (from oauth-ssh) (2.27.1) Requirement already satisfied: paramiko<3,>=2.5.0 in /usr/local/lib/python3.6/site-packages (from oauth-ssh) (2.11.0) Requirement already satisfied: bcrypt>=3.1.3 in /usr/local/lib64/python3.6/site-packages (from paramiko<3,>=2.5.0->oauth-ssh) (3.2.2) Requirement already satisfied: pynacl>=1.0.1 in /usr/local/lib64/python3.6/site-packages (from paramiko<3,>=2.5.0->oauth-ssh) (1.5.0) Requirement already satisfied: cryptography>=2.5 in /usr/local/lib64/python3.6/site-packages (from paramiko<3,>=2.5.0->oauth-ssh) (37.0.4) Requirement already satisfied: six in /usr/local/lib/python3.6/site-packages (from paramiko<3,>=2.5.0->oauth-ssh) (1.16.0) Requirement already satisfied: urllib3<1.27,>=1.21.1 in /usr/local/lib/python3.6/site-packages (from requests<3,>=2.5.0->oauth-ssh) (1.26.10) Requirement already satisfied: idna<4,>=2.5 in /usr/local/lib/python3.6/site-packages (from requests<3,>=2.5.0->oauth-ssh) (3.3) Requirement already satisfied: charset-normalizer~=2.0.0 in /usr/local/lib/python3.6/site-packages (from requests<3,>=2.5.0->oauth-ssh) (2.0.12) Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.6/site-packages (from requests<3,>=2.5.0->oauth-ssh) (2022.6.15) Requirement already satisfied: cffi>=1.1 in /usr/local/lib64/python3.6/site-packages (from bcrypt>=3.1.3->paramiko<3,>=2.5.0->oauth-ssh) (1.15.1) Requirement already satisfied: pycparser in /usr/local/lib/python3.6/site-packages (from cffi>=1.1->bcrypt>=3.1.3->paramiko<3,>=2.5.0->oauth-ssh) (2.21) Installing collected packages: click, oauth-ssh Successfully installed click-7.1.2 oauth-ssh-0.14 [pawel@frontdesk ~]$
Once oauth-ssh client is installed, your client machine (the host from which your are logging into Pinnacle) has to be authorized to connect to Pinnacle login node, login.hpc.uark.edu:
[pawel@frontdesk ~]$ oauth-ssh-token authorize login.hpc.uark.edu Please go to this URL and login: https://auth.globus.org/v2/oauth2/authorize?redirect_uri=https%3A%2F%2Fauth.globus.org%2Fv2%2Fweb%2Fauth-code&client_id=b373be16-f444-45f7-a144-e2c99a8ab704&access_type=offline&state=_default&code_challenge=oCnX1sCh7PKBXbifG1F_y8l5QmTjeicXeNbyuKQU7Cc&code_challenge_method=S256&response_type=code&scope=https%3A%2F%2Fauth.globus.org%2Fscopes%2Flogin.hpc.uark.edu%2Fssh Please enter the code you get after login here:
The oauth-ssh-token authorize login.hpc.uark.edu command generates a link to a Globus login page. Copy and paste this link into your browser.
From the drop down menu, select your school/Organization. After pressing continue you will be redirected to your school's/organization's identity provider login. Below is the University of Arkansas's idp:
To use a Globus ID, try to log into Globus using your school's identity provider. The drop
If you do not already have a Globus ID, you can create one here: https://www.globusid.org/create?viewlocale=en_US
