Perun VOs listed as "group"

[sebastian-luna-valero]

Hi,

When I run:

fedcloud token list-vos

All my Perun VOs are shown as group.

The Perun VOs are correctly listed in https://aai.egi.eu/oidc/manage/user/profile and https://perun.egi.eu/egi/gui/

Is this an issue with fedcloudclient or with Perun?

Many thanks, Sebastian

[tdviet]

Hi Sebastian,

there are some ongoing changes in Perun, and the ":group" substring is duplicated in the eduperson_entitlement for Perun VOs. I am not sure it is a bug or intentional.

Normal VOs in Check-in:

urn:mace:egi.eu:group:acc-comp.egi.eu:role=member#aai.egi.eu 
urn:mace:egi.eu:group:eosc-synergy.eu:role=member#aai.egi.eu

VOs in Perun with ":group:group":

urn:mace:egi.eu:group:group:fedcloud.egi.eu:role=member#aai.egi.eu
urn:mace:egi.eu:group:group:demo.fedcloud.egi.eu:role=member#aai.egi.eu

Strangely, the training.egi.eu VO is managed by Perun, too, but it is correct urn:mace:egi.eu:group:training.egi.eu:role=member#aai.egi.eu

@enolfc: What is the status of Perun integration?

[enolfc]

@tdviet I was unaware of this change, just added you to some communication with Check-in

[NicolasLiampotis]

@tdviet This was a bug introduced by the Check-in IdP/SP Proxy upgrade implemented on the 22nd of July. The extra "group" literal was erroneously added by the Check-in proxy to VO/group entitlements from Perun. Entitlements for VOs managed in COmanage Registry were not affected. The bug was fixed today at 8:57 AM.

Note that the training.egi.eu VO is a special case since it is managed by both Perun and COmanage Registry.

[tdviet]

Thanks @NicolasLiampotis and @enolfc. The problem is solved, VOs are now correctly shown, so I close this issue.