|Demonstration of SSO on |
| ||Portal |
- Transparent intercept of attempts to access the Portal Aspect, redirecting the user to the CILogon federated-identity login screen, thence to an institutional login screen (NCSA 2FA and Stanford 2FA were shown), and thence to the actual application. (It was not demonstrated, but also works, to start with the Notebook Aspect.)
- Ability to access the Notebook Aspect (from the same browser) with no further login required. (This relies on the token already retained by the browser.)
- Browser-level access to a WebDAV service exposing the NCSA GPFS
/datasets directory tree, again with no further login required. Full user impersonation is apparently implemented in the server, but this was not explicitly demonstrated (e.g., by attempting to access a file with owner-only access).
- Access through Firefly to a FITS file in the workspace
- Roll-out plans for
- TAP service authorization
- What happens when someone uses valid credentials for an external identity that is not associated with an LSST/NCSA account?
- How will we use 3rd-party WebDAV clients? TOPCAT?