Arkansas High Performace Computing Center [hpcwiki]

User Tools

Site Tools

Trace:
federated_identity_login

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
federated_identity_login [2022/07/27 14:21]
pwolinsk created 		federated_identity_login [2022/07/27 15:26] (current)
pwolinsk
Line 1: Line 1:
 ==== Federated Identity with Globus ID ==== ==== Federated Identity with Globus ID ====
-Globus ID ([[https://www.globusid.org/faq|Globus ID]]) is an identity provider operated [[https://www.globus.org|Globus.org]], a cloud based bulk data transfer solution used by AHPCC.  A Globus ID account is required to use the Globus data transfer system, which is the recommended solution for [[moving_data | Moving Data]].  The same Globus ID account can be used to log into AHPCC clusters.  Globus ID's are free to create and can be linked to multiple identities, including those from schools with a membership in [[https://www.incommon.org/federation/|InCommon]] federation.+Globus ID ([[https://www.globusid.org/faq|Globus ID]]) is an identity provider operated [[https://www.globus.org|Globus.org]], a cloud based bulk data transfer solution used by AHPCC.  A Globus ID account is required to use the Globus data transfer system, which is the recommended solution for [[moving_data | Moving Data]] to and from Pinnacle storage.  The same Globus ID account can be used to log into AHPCC clusters.  Globus ID's are free to create and can be linked to multiple identities, including those from schools which are members of [[https://www.incommon.org/federation/|InCommon]] federation.
  
 +**NOTE:** To log into Pinnacle, both a Globus ID and an associated local Pinnacle account have to exist.  Simply having a Globus ID account will not be enough to log into AHPCC clusters.
  
-==== Using Globus ID to log into AHPCC ==== +==== Using Globus ID to log into AHPCC ==== 
-**oauth-ssh** client is needed to authorized a host machine to connect to the AHPCC cluster using a Globus ID. The **oauth-ssh** is a python package that can be installed using pip:+**oauth-ssh** client is needed to authorized a host machine to connect to the AHPCC cluster using a Globus ID. The **oauth-ssh** is a python package that can be installed using **pip** (python package manager):
  
 <code> <code>
Line 30: Line 31:
 </code> </code>
  
-Once **oauth-ssh** client is installed, your client machine (the host from which your are logging into Pinnacle) has to be authorized to connect to Pinnacle login node, **login.hpc.uark.edu**:+Once **oauth-ssh** client is installed, your client machine (the host from which your are logging into Pinnacle) has to be authorized to connect to the Pinnacle login node, **login.hpc.uark.edu**:
  
 <code> <code>
Line 42: Line 43:
 {{::globus-login.png?600|}} {{::globus-login.png?600|}}
  
-From the drop down menu, select your school/Organization.  After pressing continue you will be redirected to your school's/organization's identity provider login.  Below is the University of Arkansas's idp: +From the drop down menu, select your school/Organization.  After pressing continue you will be redirected to your school's/organization's identity provider login.  If your school/organization is not listed int the drop down menu, click on the "Sign in with Globus ID" button to create a separte Globus ID account, or use the "Sign in with Google" or "Sign in with ORCID" links.  University of Arkansas is listed in the menu.  Below an example of logging in using the University of Arkansas's idp:
  
 {{::login-uaf-idp.png?600|}} {{::login-uaf-idp.png?600|}}
-To use Globus ID, try to log into [[https://www.globus.org/|Globus]] using your school's identity provider The drop + 
-If you do not already have a Globus ID, you can create one herehttps://www.globusid.org/create?viewlocale=en_US+After successful authentication you will be redirected to a page with a temporary token: 
 +{{::globus-token.png?600|}} 
 + 
 +Copy and paste this token into your terminal window: 
 + 
 +<code> 
 +[pawel@frontdesk ~]$ oauth-ssh-token authorize login.hpc.uark.edu 
 +Please go to this URL and login: https://auth.globus.org/v2/oauth2/authorize?redirect_uri=https%3A%2F%2Fauth.globus.org%2Fv2%2Fweb%2Fauth-code&client_id=b373be16-f444-45f7-a144-e2c99a8ab704&access_type=offline&state=_default&code_challenge=R9N64HSJVhRqt0zesM0rtzpkbg2YHe3bXW3F5S0Q9Ew&code_challenge_method=S256&response_type=code&scope=https%3A%2F%2Fauth.globus.org%2Fscopes%2Flogin.hpc.uark.edu%2Fssh 
 +Please enter the code you get after login here: MZzXX5GhCw7hr7uH80nU4StddODSQV 
 +[pawel@frontdesk ~]$  
 +</code> 
 + 
 +Your host is now authorized for logging into login.hpc.uark.edu for 48 hours.  To log in, you can either use **oauth-ssh** client: 
 + 
 +<code> 
 +[pawel@frontdesk ~]$ oauth-ssh login.hpc.uark.edu 
 + 
 +Last failed loginWed Jul 27 08:14:45 CDT 2022 from 184.180.249.7 on ssh:notty 
 +There were 4 failed login attempts since the last successful login. 
 +Last login: Wed Jul 27 08:12:10 2022 from 184.180.249.7 
 + 
 +     Welcome to login.hpc.uark.edu - Globus Authentication test login VM 
 + 
 +-bash-4.2$  
 +</code> 
 +or your regular ssh client, by copying and pasting the output of **oauth-ssh-token show token login.hpc.uark.edu** at the OAuth token prompt: 
 + 
 +<code> 
 +[pawel@frontdesk ~]$ oauth-ssh-token show token login.hpc.uark.edu 
 +Ay525VXDNakMxKGVJ8dx0B5gl95mlj0ldjkngVdqQOOeaJ3ouVCB1gWOYkQrOKYW0oYnaX52dbOzIW92B1XHQ5mXj 
 +[pawel@frontdesk ~]$ ssh pwolinsk@login.hpc.uark.edu 
 +Enter your OAuth token:  
 +Last login: Wed Jul 27 09:39:10 2022 from 10.172.0.199 
 + 
 +     Welcome to login.hpc.uark.edu - Globus Authentication test login VM 
 + 
 +-bash-4.2$  
 +</code>
  
federated_identity_login.1658931677.txt.gz · Last modified: 2022/07/27 14:21 by pwolinsk

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki