Closed mbjones closed 6 years ago
Original Redmine Comment Author Name: ben leinfelder (ben leinfelder) Original Date: 2013-02-13T06:26:06Z
On #1, yes, we are using a different account. I could have set up the test KNB IdP to use the o=NCEAS tree but I used the ou=Account tree to catch a more diverse set of users without committing to any one organizational affiliation. As far as I understand it, our IdP strategy is still in discussion even though we are running out of time to set up a production-ready IdP before a Morpho 2.0.0 release.
On #2, after a legacy "uid=X,o=Y" account has been mapped to its CILogon identity, the user will have the same level of access enjoyed previously. We should investigate the "owner" pathquery processing to make sure it honors this mapped access, but otherwise direct manipulations using a mapped identity should work without the user noticing any change.
In general I do feel as though there is still some uncertainty about how this will all be configured for our system (KNB) and for other similar systems that have been relying on our LDAP structure for many, many years. The technical hurdles are less troublesome than the organizational/ID management decisions that need to be finalized at this point.
Original Redmine Comment Author Name: ben leinfelder (ben leinfelder) Original Date: 2013-02-13T20:32:49Z
I've now included the equivalent identities (listed in the CILogon certs that contain SubjectInfo) as additional
Original Redmine Comment Author Name: ben leinfelder (ben leinfelder) Original Date: 2013-02-15T06:41:52Z
This is resolved in the sense that Morpho has been updated to search for packages that are owned by any of the equivalent identities. The other identity issues are being tracked in redmine: https://redmine.dataone.org/issues/3513
Original Redmine Comment Author Name: Redmine Admin (Redmine Admin) Original Date: 2013-03-27T21:31:56Z
Original Bugzilla ID was 5864
Author Name: Matt Jones (Matt Jones) Original Redmine Issue: 5864, https://projects.ecoinformatics.org/ecoinfo/issues/5864 Original Date: 2013-02-12 Original Assignee: ben leinfelder
Logging into the new version of Morpho using ECP has two negative side effects that need to be resolved.
1) The ECP login uses the ou=Account subtree, so my password changed and most users will not realize this, and thus will not be able to find their previously saved data packages.
2) The DN for logged in users changes to the CILogon DN, which also causes their previously created data to not show up. Even once the user's old knb id is mapped to their new CILogon DN, it's not clear if their data will be accessible in Morpho.