search

c-scale-community / workflow-automated-river-forecasts

Porting and deploying the Seasonal River Discharge Forecasts use case to C-SCALE
Apache License 2.0
1 stars 0 forks source link

C-SCALE test CO in SRAM #13

Closed backeb closed 3 years ago

backeb commented 3 years ago

I received the below email:

You have been invited by Gerben Venekamp to join collaboration C-SCALE-test-co.

Click here to accept the invitation

A message from the inviter: Dear C-SCALE partner,

We are in the process of inviting each C-SCALE partner to join a collaborative organisation (CO). This is the invitation. For now this is a test CO and gives you an opportunity to have a first hand look at what SRAM is. By accepting this invitation, you will be added to the 'C-SCALE-test-co' CO. For those that have already been registered with SRAM, the registration step will be skipped. Those that have not, will need to register first. This registration process is part of your first login. Don't be surprised to see eduTEAMS during the registration process. SRAM makes use of eduTEAMS services. Having been registered and accepting the invitation puts you in the mentioned CO. This is for testing purposed only and therefore the number of services that can be linked is limited to a test service only. This service shows the attributes it has received from SRAM. As such the service does not hold a lot of value other then testing that you have reached the end of a chain, i.e. a service provider. You could try to read, interpret and understand the attributes displayed. However, at this point there is not a lot of value in it, other then seeing what is sent about you. The test service has not been developed with user friendliness in mind; it's a test service after all. The URL of the test service is: https://sp01.devtest.eduteams.org/simplesaml/module.php/core/authenticate.php?as=default-sp. You should be able to find the same link in SRAM. The service is displayed at the CO About page underneath the 'where we collaborate' title. There you'll see the 'EDUteams test service' [sic] and to the right of it an icon. This icon holds the link to the test service. Having clicked the icon, you'll be taken to the eduTEAMS test service.

There you need to take the following steps: 1 - On first screen presented to you, you'll be asked for selecting an identity provider. The service is connected through SRAM production environment and therefore you must select 'SURF RAM - production'. This is almost at the bottom of the list. Don't search for you home IdP. It won't be there. Don't use 'SURF RAM - acceptance' either. That's the wrong environment. 2 - The second screen asks -- for a second time -- for an identity provider. This time however, you should pick you home institution and authenticate yourself at you home institute. You'll probably see a consent screen first and then you can start the authentication at your home institute. You should see one or more familiar screens now. 3 - Final step; all done now.

You should see the final screen with your attributes as they were sent to the test service. Nothing will be stored there as the purpose of the test service is to display attributes only. I realize that the above could be perceived as (mildly) difficult. If you get stuck, let me know and I'll see what I can do for you. One final remark. I have sent invites to one person per partner only. If you feel I should invite more people from you institute, please let me know and I'll happily create an invite for them as well. Regards, Gerben Venekamp

When I follow the link to accept the invitation, I cannot find the SURF RAM - production, and I don't see a list of IdPs. image

@venekamp please advise cc @oonkjbr @sperna

venekamp commented 3 years ago

I see what goes wrong here. The invite text is not complete. You are part of the second batch of people being invited and with the first batch we already went through the onboarding with SRAM part as an earlier test to see if SRAM was accessible. For the second batch we do it all in one go. Which is also the way it should work.

Another reason why you cannot find your IdP is that Deltares is not listed within eduGAIN. Therefore SRAM has no way of discovering the Deltares IdP. For those cases where you cannot select your IdP, there is eduID (NL) IdP. However, before you can authenticate with edIDu (NL) you must register there first. A social account is acceptable with eduID (NL), in fact it is one of the use case. My advice would be to head over to https://eduid.nl and register your identity there.

When registering at eduID (NL) you'll be asked to provide with an email address for verification. Here you can use any email address including address like gmail.com. EduID (NL) would also like you first and last name. After you have been verified, you have an identity with eduID (NL) and thus you are now able to use eduID (NL) as your IdP.

Going back to the invite, at the page where you are trying to find the 'SURF RAM - production' IdP, you now choose eduID (NL). Be aware to select the correct eduID as there are a number of countries offering eduID. The Dutch one is with the (NL) part. At this point, if all goes well with the authentication, etc., etc., you are part of the CO.

The invite text applies to getting access to the linked test service, in which case you should indeed select 'SURF RAM - production'. You can select the test service from the about page.

backeb commented 3 years ago

@venekamp I can confirm this works for me - thanks!

Who should register with SRAM? Is it

  1. All users of resources?
  2. PIs who manage access to resources?
venekamp commented 3 years ago

SRAM needs an authenticated identity, so that would be all users that are part of the CO. That includes the PI as well of course.