Closed tscollins-nygc closed 5 years ago
There's an issue with account mapping for idp_suffix. It should accept the value nygenome.org@accounts.google.com
. I'm looking at a patch for that now.
Thanks @JasonAlt look forward to testing out the patch when available.
oauth-ssh version 0.10-1 should be available now in the xsede development repo (same repo this project has always used). Could you verify that it fixes this issue?
@JasonAlt I got oauth-ssh version 0.10-1 installed on two test systems now and can confirm that setting 'nygenome.org@accounts.google.com' now works. Thanks for fixing this.
Our company uses 'Sign in with Google' so identity details look like: Google (tscollins@nygenome.org@accounts.google.com) primary Identity Provider Google Name T. S. Collins Email tscollins@nygenome.org Organization NYGC Not sure what the proper setting for idp_suffix should be in the servers globus-ssh.conf file. Have tried the following: nygenome.org@accounts.google.com nygenome.org account.google.com google.com No matter which idp_suffix is used the result when trying to connect is: Unexpected reply from SSH service: {"error": {"code": "INVALID_ACCOUNT","description": "You cannot use that local account."}} We have another account with the following details: Globus ID (nygc@globusid.org) primary Identity Provider Globus ID Name NYGC Email globus@nygenome.org Organization New York Genome Center and when idp_suffix is set to 'globusid.org' no problem connecting. Can Google be used as and IdP?