If coming from KeyCloak, having authenticated with OIDC connected to OSC LDAP, we should auto-map the user's "KeyCloak account" with their OSC account and redirect them to their original destination.
Therefore, this is the user flow for a first-time OSC user logging in via KeyCloak:
This diagram was created using: ood_auth_registration.activity.violet.html.txt. Rename this file by dropping the txt extension. Then you can view and edit using Violet UML Editor 2.0.1.
The /register/mappings.php page will:
- Use OOD_USER_MAP_CMD to determine whether the logged-in user is already mapped. If not, redirect the user to /register.
- Prominently display the DN and associated claim headers (provider information) and the username you are logged in as. This can look similar to the register page, if that makes things easier.
- (Optionally) show other DNs mapped to this username, with the ability to delete them.
- Hide the delete button (and explain that this mapping cannot be deleted) if the mapping is between OSC-LDAP and the HPC account.
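
The first step of the page (look up the mapping, otherwise redirect to /register) is sketched below as an added example; it is not code from this project. It assumes that OOD_USER_MAP_CMD is visible to PHP as an environment variable, that the command takes the authenticated identity as its single argument and prints the mapped local username (or nothing) on stdout, and that the web server places the authenticated identity in REMOTE_USER. The function name `lookup_mapping` is hypothetical.

```php
<?php
// Added example, not the project's own code. Assumptions: the command named by
// OOD_USER_MAP_CMD takes the authenticated identity as its only argument and
// prints the mapped local username (or nothing) on stdout.

/** Return the mapped local username, or null when no mapping exists. */
function lookup_mapping(string $mapCmd, string $remoteUser): ?string
{
    // The array form of proc_open (PHP >= 7.4) executes the program directly,
    // so the DN or claim value is never interpreted by a shell.
    $proc = proc_open(
        [$mapCmd, $remoteUser],
        [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']],
        $pipes
    );
    if (!is_resource($proc)) {
        throw new RuntimeException('cannot run user map command');
    }
    $out = trim(stream_get_contents($pipes[1]));
    fclose($pipes[1]);
    $status = proc_close($proc);

    // Accept only something shaped like an account name; anything else,
    // including empty output or a failed command, counts as "not mapped".
    if ($status !== 0 || !preg_match('/^[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}$/', $out)) {
        return null;
    }
    return $out;
}

$mapCmd     = getenv('OOD_USER_MAP_CMD');
$remoteUser = $_SERVER['REMOTE_USER'] ?? '';   // assumed to hold the DN / identity
if ($mapCmd === false || $remoteUser === '') {
    http_response_code(500);
    exit('mapping lookup is not configured');
}

$localUser = lookup_mapping($mapCmd, $remoteUser);
if ($localUser === null) {
    header('Location: /register', true, 302);  // unmapped: send to registration
    exit;
}

// Identity values come from the identity provider; escape them on output.
printf(
    '<p>%s is mapped to account %s</p>',
    htmlspecialchars($remoteUser, ENT_QUOTES, 'UTF-8'),
    htmlspecialchars($localUser, ENT_QUOTES, 'UTF-8')
);
```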
When deleting a mapping from /register/mappings.php: