Clarify docs that Shibboleth/SAML is supported by OpenID Connect (OIDC)

[pdurbin]

http://guides.dataverse.org/en/4.19/installation/shibboleth.html doesn't mention OpenID Connect (OIDC) but from a quick test with @poikilotherm at https://data-beta.fz-juelich.de I seem to be able to log in with my HarvardKey. As the screenshots below indicate, now I just need to wait for someone to approve my account.

[pdurbin]

I got an email and clicked a link. "Sign Up completed."

I'm not sure what to do now... I guess I should return to the other browser window that looks like this:

[apw1388]

Sadly you have no redirect to the services after the registration. You need to restart the login flow from the services.

[pdurbin]

@apw1388 thanks. At http://irclog.iq.harvard.edu/dataverse/2020-02-27#i_119565 @poikilotherm suggested "Just close that popup/overlay and click on the Harvard IdP again" and I just did. This is what I got:

Is this all looking ok? Should I click "Confirm"?

[poikilotherm]

Perfectly fine! :smile: Yeah, the UX still needs tuning...

And beware: the Dataverse side is not perfectly ready for this yet. That's why I opened that huge bunch of issues, like #6679, #6690, #6694 etc. I will need #6694 also for my ideas about group mapping and custom attributes back in #5974

[pdurbin]

@poikilotherm ok, I clicked "Confirm" (after first clicking the arrow to see more details) and this is what I got:

I clicked "Central Library - Research Data Management" and got a spinner and then the text moved.

I made the window taller:

Not sure what's going on. Nothing in the Javascript console log.

[pdurbin]

@poikilotherm just asked "Could you just re-initiate the login?" and I did and it worked! 🎉

Good job @poikilotherm and @apw1388 !!!

[pdurbin]

Along the way a couple emails came through:

@poikilotherm if you host your own guides and configure http://guides.dataverse.org/en/4.19/installation/config.html#guidesbaseurl you could mention https://login.helmholtz-data-federation.de in your custom guides (the guides link is in the "Jülich DATA - Beta Training Facility: Your account has been created" email) and explain in your custom guide that MULTIPLE LOGIN TO THE SAME ACCOUNT (for me HarvardKey, ORCID, GitHub) IS SUPPORTED! The dream of #3487 is alive!!! 🎉 🎉 🎉 I need to lie down. 🛏

[bencomp]

I think this issue is about adding a link from the Shibboleth installation page to the OIDC page, but I'm not sure. Could you elaborate, @pdurbin? I don't understand this issue's title: "Shibboleth/SAML is supported by OpenID Connect (OIDC)".

[pdurbin]

@bencomp right, at minimum I was thinking we could add a section at the end of doc/sphinx-guides/source/installation/shibboleth.rst that links to the OIDC docs. Maybe "Other Ways to Support Shibboleth/SAML" could be the title of the section.

The OIDC docs are here: doc/sphinx-guides/source/installation/oidc.rst

[bencomp]

I think what you mean is "Other ways to support single sign-on" as the section title? Otherwise this is clear.

[pdurbin]

Sure, that's fine. Here's a preview of how the OIDC page will look in the next release: https://preview.guides.gdcc.io/en/develop/installation/oidc.html

Please note that SAML is mentioned a couple times. It's a way not to run Shibboleth:

As a use case:

• You want to use the eduGain Federation or other well known SAML federations, but don’t want to deploy Shibboleth as your service provider. Using an IDM solution in front easily allows you to use them without hassle.

[cmbz]

To focus on the most important features and bugs, we are closing issues created before 2020 (version 5.0) that are not new feature requests with the label 'Type: Feature'.

If you created this issue and you feel the team should revisit this decision, please reopen the issue and leave a comment.

[pdurbin]

It's fine that this issue was closed. Auth will be changing a lot in the future. I recommend reading our doc on it: https://docs.google.com/document/d/1624KuPj4zp_TQzWivqaNY3YUCzibwFib8tZUz_IshTo/edit?usp=sharing