umbrellaID Technical Training

Europe/Zurich
Björn Erik Abt (PSI - Paul Scherrer Institut), Christos Kanellopoulos, Jean-François Perrin (ESRF)
Description

The umbrellaID team, with the help of GÉANT, is currently preparing UmbrellaID for the EOSC era. The technical architecture is evolving, new functionalities are being added and policies, organisations need discussions and sometime revisions.

The aim of this training workshop is to share the recent technical and organisational developments and ensure that the IT professionals of the PaN community are at ease with the concepts, processes and technologies in use, and are eventually able to actively participate in the evolution of our community AAI.

Registration
Please register for the event
    • 09:30 09:45
      Introduction 15m
      Speakers: Björn Erik Abt (PSI - Paul Scherrer Institut), Jean-François Perrin (ESRF)
    • 09:45 10:00
      What is umbrellaID and current status of developments 15m
      Speaker: Jean-François Perrin (ESRF)
    • 10:00 10:25
      Overview of AARC and EOSC AAI 25m
      Speaker: Christos Kanellopoulos
    • 10:25 10:45
      Authorisation Model 20m

      Local mapping of identities.
      Community model.

      Speaker: Jean-François Perrin (ESRF)
    • 10:45 11:00
      Morning virtual coffee break 15m
    • 11:00 11:45
      SSO - SAML and OIDC 45m

      Introduction of protocols.
      Explanation of the workflows.
      How are the tokens travelling?
      Tools for debugging.
      Q&A

      Speakers: Björn Erik Abt (PSI - Paul Scherrer Institut), Christos Kanellopoulos
    • 11:45 12:00
      Keycloak introduction 15m

      Local SSO, keycloak as an example.

      Speaker: Jean-François Perrin (ESRF)
    • 12:00 13:30
      Lunch 1h 30m
    • 13:30 15:15
      Hands on session: Keycloak deployment and integration with UmbrellaID 1h 45m

      In order to get the full benefit from this session, participants need to have access to a Linux machine (a VM will be perfect) and are guided in installing keycloak. This machine should have access to the internet and should be accessible from the internet (ideally direct access, but HTTP proxy and reverse HTTP proxy are also valid scenarios to get these access). DNS resolution should be in place and should be identical from everywhere (I.E. the machine should be referenced with the same domain name from the RI/lab intranet and public internet network), you also need to have a valid X509 server certificate. Once the keycloak instance will be set up we will link it to the umbrellaID acceptance environment to demonstrate the full flow.

      Speaker: Jean-François Perrin (ESRF)
    • 15:15 15:30
      Afternoon virtual coffee break 15m
    • 15:30 16:30
      cURL demonstration of OIDC and the integration in your application 1h
      Speakers: Björn Erik Abt (PSI - Paul Scherrer Institut), Christos Kanellopoulos
    • 16:30 16:50
      Wrapup and Q&A 20m
      Speakers: Björn Erik Abt (PSI - Paul Scherrer Institut), Christos Kanellopoulos, Jean-François Perrin (ESRF)