As a service admin, I want to request a new service directly from SBS

FlorisFokkinga commented 1 year ago

Allow all users to create services
- For users that are not service admin or platform admin, add 'Request a service' to the profile menu, below 'Request/add a collaboration'. (This menu item is removed after the user becomes a service admin, since they now have a button on the service tab on the home page.)
Limit the create service form to what is listed below. (Since the service has not admin, and not organisations are allowed, the service is only visible for platform admins.)
Platform admins are notified are new service is created (existing functionality) and allow or delete the service
- In case of deleting the service, the platform admin should email the user with an explanation
In case the user selected OIDC or SAML, the platform admin connects the service to eduTEAMS and enters the entity ID

The platform admin invites the user as service admin (this information should be stored somewhere), text prefilled:


Your service request was approved, you are invited as service admin in SURF Research Access Management.
You can now:
* Select from which organisation collaborations can connect to your service
* Try to login to your service, if you use SAML or OIDC (requires membership of a collaboration)
* Connect the service via LDAP, SCIM, PAM web login or a user token
* Invite additional service admins
* Create service groups, that will be provisioned to connected collaborations

Button [Manage my service]



| Section    | Attribute                                    |
| ----------------- | --------------------------------------- |
| About the service | Name                                    |
|                   | Short name                              |
|                   | Description                             |
|                   | Logo                                    |
|                   | Providing organisation                  |
|                   | Login URL for users                     |
|                   |                                         |
| Support           | Website                                 |
|                   | User support contact                    |
|                   | Adminstrative contact                   |
|                   | Security contact                        |
|                   |                                         |
| Policies          | Privacy policy URL                      |
|                   | Acceptable use policy URL               |
|                   | Coco                                    |
|                   | Sirtfi                                  |
|                   | R&S                                     |
|                   |                                         |
| Connection        | OpenID connect (radio button, reveals)                          |
|                   | OIDC redirect URLs                      |
|                   | SAML (radio button, reveals)                               |
|                   | SAML metadata URL or upload             |
|                   | Neither (radio button) |
|                   | Other protocols can be selected later (In text) |
|                   |                                         |
| Comments          | Comments about this request             |
|                   | [Submit request]                        |
|                   |                                         |

FlorisFokkinga commented 1 year ago

All SRAM user can request a service
Platform admins approve the service request
Minimal required set of attributes in eduTEAMS
User can make up a short name

FlorisFokkinga commented 1 year ago

Allow all users to create services
- For users that are not service admin or platform admin, add 'Request a service' to the profile menu, below 'Request/add a collaboration'.
Limit the create service form to what is listed below
Platform admins are notified are new service is created (existing functionality) and allow or delete the service
- In case of deleting the service, the platform admin should email the user with an explanation
In case the user selected OIDC or SAML, the platform admin connects the service to eduTEAMS and enters the entity ID

The platform admin invites the user as service admin (this information should be stored somewhere), text prefilled:


Your service request was approved, you are invited as service admin in SURF Research Access Management.
You can now:
* Select from which organisation collaborations can connect to your service
* Try to login to your service, if you use SAML or OIDC (requires membership of a collaboration)
* Connect the service via LDAP, SCIM, PAM web login or a user token
* Invite additional service admins
* Create service groups, that will be provisioned to connected collaborations

Button [Manage my service]



| Section    | Attribute                                    |
| ----------------- | --------------------------------------- |
| About the service | Name                                    |
|                   | Short name                              |
|                   | Description                             |
|                   | Logo                                    |
|                   | Providing organisation                  |
|                   | Login URL for users                     |
|                   |                                         |
| Support           | Website                                 |
|                   | User support contact                    |
|                   | Adminstrative contact                   |
|                   | Security contact                        |
|                   |                                         |
| Policies          | Privacy policy URL                      |
|                   | Acceptable use policy URL               |
|                   | Coco                                    |
|                   | Sirtfi                                  |
|                   | R&S                                     |
|                   |                                         |
| Connection        | OpenID connect (radio button, reveals)                          |
|                   | OIDC redirect URLs                      |
|                   | SAML (radio button, reveals)                               |
|                   | SAML metadata URL or upload             |
|                   | Neither (radio button) |
|                   | Other protocols can be selected later (In text) |
|                   |                                         |
| Comments          | Comments about this request             |
|                   | [Submit request]                        |
|                   |                                         |

FlorisFokkinga commented 1 year ago

Add/request/register service

For any user.

Review page

For platform admins.

FlorisFokkinga commented 1 year ago

Discussed. Let's treat a service request like a CO request. Show requests in a table (like services for admins are).

FlorisFokkinga commented 1 year ago

Seems to work very well. Some small improvements:

Bread crumbs link to broken path 'services-requests' instead of 'service-requests'.
Request button with missing required information scrolls to the top, not to the fields with problems
Make comment field optional
Default LDAP to 'disabled' on approving a service
~~Improve the translation~~ #922
Add a 'request service' button to the services tab for service admins (so after the first service request has been granted)
Remove 'request service' from the menu to the upper right whenever the user can use the button on the services tab.
The error on empty 'Administrative contact' is a bit silly, since a service admin cannot have been assigned yet: Administrative email is required if there are no service administrators
The 'Request for new service' email has a header 'Collaboration request' in the body
SAML metadata files may contain high ASCII characters or even non-ASCII UTF-8. Please support that.

FlorisFokkinga commented 1 year ago

A users that is service admin of one service, and not member or admin of anything else, cannot request another service. The 'home' breadcrumb is immediately redirected back to the service page.

baszoetekouw commented 1 year ago

Works now

SURFscz / SBS

As a service admin, I want to request a new service directly from SBS #558

Add/request/register service

Review page