...
Access to the cloud resources | ||
---|---|---|
1. | Access OpenStack's Dashboard (Horizon) at https://am02.pilots.aarc-project.eu/horizon Select "External authentication and login" and click on "Connect".
| |
2. | Select your Identity Provider from the discovery page (WAYF). The institutional IdP to select (considered for demo purposes only) is: AARC DIY Identity Provider | |
3. | Enter your login credentials to authenticate yourself with the IdP of your Home Organisation. We will show three cases: a) an user belonging to aarc-yellow CO with admin role b) an user belonging to aarc-yellow CO with no particular roles c) an user belonging to aarc-blue CO with admin role | |
4b. | -- member of aarc-yellow CO without any priviledged role -- After successful authentication, the user needs to give the consent for releasing your personal information to the Service Provider mentioned in the page (the OpenStack framework in our case). Among the data that will be passed to the Service Provider, there are the Entitlements released by the attribute authority COmanage regarding the ownership in the COs and the roles. In this case the Entitlement contains this piece of information: urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:members:member@aarc-yellow.pilots.aarc-project.eu That is the piece of information used for properly mapping the users to the OpenStack projects. Click on "yes" for going on.
| |
5b. | The user is successfuly redirected to the OpenStack Dashboard, mapped to a Keystone user group based on the values of the Entitlement attribute, with the eppn as username. In this case the user is accessing the aarc-yellow project with the rights for a "regular user" (no administrative rights). | |
4a. | -- user belonging to aarc-yellow CO and with admin role -- After successful authentication, the user needs to give the consent for releasing your personal information to the Service Provider mentioned in the page (the OpenStack framework in our case). Among the data that will be passed to the Service Provider, there are the Entitlements released by the attribute authority COmanage regarding the ownership in the COs and the roles. In this case the Entitlement contains these pieces of information: urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:members:member@aarc-yellow.pilots.aarc-project.eu urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:admin:member@aarc-yellow.pilots.aarc-project.eu That is the piece of information used for properly mapping the users to the OpenStack projects. Click on "yes" for going on.
| |
5a. | The user is successfuly redirected to the OpenStack Dashboard, mapped to a Keystone user group based on the values of the Entitlement attribute, with the eppn as username. In this case the user is accessing to the aarc-yellow project with administrative rights. | |
4c. | -- user belonging to aarc-blue CO and with admin role -- After successful authentication, the user needs to give consent for releasing personal information to the Service Provider mentioned in the page (the OpenStack framework in our case). Among the data that will be passed to the Service Provider, there are the Entitlements released by the attribute aggregatore COmanage regarding the ownership in the COs and the roles. In this case the Entitlement contain these pieces of information: urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:members:member@aarc-blue.pilots.aarc-project.eu urn:mace:aarc-project.eu:am03.pilots.aarc-project.eu:admin:member@aarc-blue.pilots.aarc-project.eu That is the piece of information used for properly mapping the users to the OpenStack projects. Click on "yes" for going on.
| |
5c. | The user is successfuly redirected to the OpenStack Dashboard, mapped to a Keystone user group based on the values of the Entitlement attribute, with the eppn as username.. In this case the user is accessing the aarc-blue project with administrative rights. | |
...