c-scale-community / use-case-aquamonitor

Apache License 2.0

Register VO #1

Closed backeb closed 3 years ago

backeb commented 3 years ago

To register a VO please follow instructions in https://github.com/c-scale-community/discussions/discussions/2#discussioncomment-604917

Specifically: procedure to create VOs in EGI: PROC14

@sustr4 @enolfc @melanger please support @gena in following the process

backeb commented 3 years ago

To register the VO, I suggest providing the following information for Aquamonitor:

  - country: Netherlands ⬅️ @melanger please indicate which ISO code to use
  - category: Research
  - domain: Land and/or Climate ⬅️ @melanger I presume we can only use one, @gena please indicate which is more appropriate

@enolfc can we schedule a meeting to register the VO in the Operations Portal?

sustr4 commented 3 years ago

To sum up what we mentioned in other tracks:

backeb commented 3 years ago

Update

Next steps

backeb commented 3 years ago

VO enabled in Perun. https://ggus.eu/?mode=ticket_info&ticket_id=151820

backeb commented 3 years ago

VO in production on EGI.eu Operations Portal: https://operations-portal.egi.eu/vo/view/voname/aquamonitor.c-scale.eu

GGUS ticket resolved: https://ggus.eu/?mode=ticket_info&ticket_id=151818

backeb commented 3 years ago

@melanger I received an email from perun@cesnet.cz with the following information:

new application for VO aquamonitor.c-scale.eu was created under ID=101581 by user: 71378@muni.cz / https://id.muni.cz/metadata. As soon as user verifies his/her email address (application in state VERIFIED), it is possible to approve or reject application. Application detail with all user submitted data where you can approve / reject application: https://perun.egi.eu/egi/gui/?vo/appdetail/id=101581

When I click on https://perun.egi.eu/egi/gui/?vo/appdetail/id=101581 I get the below: [image]

When I follow the link for "joining your identities", it takes me to aai.egi.eu where I log in with my EGI SSO.

I then get to the below page: [image]

I then click on the below button to link to my account: [image]

I select EGI SSO, log in again and get the below error: [image]

What do I do?

melanger commented 3 years ago

@backeb You are set as the VO manager in Perun, therefore you receive notifications about registrations of new users waiting for approval. I receive them as well. We may change who is VO manager later, any VO manager may approve/reject the registrations.

The "problem" here is that when you use EGI SSO, it is a different identity (from Perun's point of view) than if you access Perun directly. Your EGI SSO / <your IdP here> identity is not yet in Perun (although <your IdP here> identity is), and you tried to link the EGI SSO / <your IdP here> identity with itself. That did not work, because it is not yet in Perun.

I think the easiest way to solve this is:

  1. go to https://perun.egi.eu/egi/registrar/?vo=aquamonitor and use EGI SSO (with your IdP) to register
  2. it should ask you to link identities (to link EGI SSO / <your IdP> with just <your IdP>)

After this, the approval link in the email should work. These steps are only needed for VO managers who already worked with Perun, regular users (end users) just use EGI SSO.

backeb commented 3 years ago

Thanks for the info @melanger. When I go to https://perun.egi.eu/egi/registrar/?vo=aquamonitor and use EGI SSO (with my IdP) to register I still get this: [image]

It doesn't ask me to link identities. Am I using the wrong IdP?

melanger commented 3 years ago

@backeb It seems you have to write to perun@cesnet.cz and let them link the two identities manually in this case. Please write them an email from your IdP address, and mention that you want to link your identities from 1) your IdP and 2) EGI Check-in.

After they link them, you can use either (EGI Check-in or your IdP directly) and you will have the same user in Perun.

backeb commented 3 years ago

Thanks @melanger, I have emailed the Perun team for assistance, cc'd you @enolfc @sustr4 and @sebastian-luna-valero

My message to them has the following identifier: [Perun #895646].

backeb commented 3 years ago

I received the following instruction from the Perun team:

please use the button "it's not me" and register new account in Perun with identity you need. After that I will add the VO manager role to your new identity. It should work.

I have followed these instructions and registered my email address in Perun. The Perun team added the VO manager role to my new identity, and I can now access https://perun.egi.eu/egi/gui/#usr/info?id=116494&active=1;

backeb commented 3 years ago

@enolfc does this now complete the VO registration process?

enolfc commented 3 years ago

I would consider the VO registration completed. One thing that we will need for the EGI cloud to work properly is to have a service account associated to the VO so we can have access to information from the sites without using a specific user identity. Let me dig the docs and send you some instructions

backeb commented 3 years ago

> I would consider the VO registration completed. One thing that we will need for the EGI cloud to work properly is to have a service account associated to the VO so we can have access to information from the sites without using a specific user identity. Let me dig the docs and send you some instructions

Ok I will start another issue on that