Difference between revisions of "Federated login"

From UFRC
Jump to navigation Jump to search
 
(24 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 +
__NOTOC__
 +
[[File:Video preview.png|frameless| right |link=https://mediasite.video.ufl.edu/Mediasite/Play/e1c6a465399e4b609ef0f6b0db03d40d1d]]
 +
If you're not affiliated with the University of Florida, you must go through the [[Federated Account Request]] procedure to establish a HiPerGator account before attempting to connect to or use HiPerGator resources and interfaces. As the result of the account creation process, you will have a Linux account on the cluster with an initial SSH key pair created for your SSH access.
  
For users outside of the University of Florida, UF Research Computing has setup federated authentication so that users can access HiPerGator resources using their institutional credentials.  
+
For users from outside of the University of Florida, the procedure to access HiPerGator resources depends on whether the access is performed through a web interface or an SSH connection.
  
{{Note|"Note that the processes described on this page are for individual researchers only. Instructors and students in a course will be handled in a different mechanism."|warn}}
+
This video walks through the process of logging into HiPerGator using federated credentials. This process is also detailed below.
  
Federated login is available for most [https://incommon.org/ InCommon member institutions], you can verify that your institution provides Federated authentication using [https://incommon.org/community-organizations/ this page] and looking for the "Federation" tag.
+
==Web Interfaces==
 +
For access via web interfaces, UF Research Computing has established federated authentication so that users can access HiPerGator using their institutional credentials. We use the InCommon Discovery Service, which is available for most [https://incommon.org/ InCommon member institutions]. You can verify that your institution provides federated authentication using [https://incommon.org/community-organizations/ the InCommon Community Organizations page] and looking for the "Federation" tag. When you go to a protected web interface you will be redirected to the InCommon Federation Discovery page <code>https://wayf.incommonfederation.org....</code> [[File:Incommon Discovery Service.png|thumb]] where you will
 +
* Click on the 'Remember selection for this web browser session' if you would like to skip the InCommon organization selection step on the same computer for a while.
 +
* Select the organization you are affiliated with.
 +
* Enter your credentials after being redirected to your home institution's login service.
 +
After a successful login you will be redirected back to the protected resource if your group has permissions to access it.
  
==Establishing a HiPerGator Account using Federated Credentials==
+
{{Note|If you accidentally select the wrong university, you can delete the wayf.incommonfederation.org cookies from your browser. Exact steps differ by browser, but in general, open the Settings or Preferences, search for Cookies. View all the saved Cookies. Search for wayf.incommonfederation.org and delete those cookies.|reminder}}
  
===COmanage registration===
+
Web Interfaces include:
# Start here: https://federation.it.ufl.edu/registry/co_petitions/start/coef:6
+
* https://ood.rc.ufl.edu
# Select institution to log in with, which will forward you to your institution's SSO page. [[File:COmanage1.png|frame|center|The COmanage registration page: enter your institution]]
+
* https://jhub.rc.ufl.edu
# After logging in, you will be presented with a form and need to fill out the following info: [[File:COmanage2.png|frame|right|The COmanage user registration page]]
 
## Given Name
 
## Family Name
 
## Email
 
## Organization (i.e. institution name)
 
## Select a sponsor from the drop down.
 
## Add any comments they think are helpful for UFRC staff.
 
## Click Submit
 
# An email will be sent to you for the next steps.
 
  
==Create SSH keys and upload public key for access==
+
==SSH Connections==
 +
Only SSH '''key''' access is available for connections via ssh for federated HiPerGator users. It is ''not'' possible to use your username and password to connect via SSH as a federated user.
  
Follow these instructions for creating a public/private key pair on your local computer depending on your OS:
+
===eduVPN Connection===
* [[Using_SSH_Keys_To_Access_HPG#MacOS|Creating an SSH key on MacOS]]
+
[[File:EduVPN.png|frameless|right]]
* [[Create SSH keys on Windows|Creating an SSH key on Windows]]
+
To be able to access HiPerGator via SSH you will need to connect to the HiPerGator network via eduVPN first.
* [[Using_SSH_Keys_To_Access_HPG#Linux|Creating an SSH key on Linux]]
 
The private key file should remain on your computer and not be shared with anyone. The public key file will be uploaded in the next step.
 
  
# After creating your SSH and receiving the email invitation, click the link
+
* Download the latest version of the eduVPN client from '''https://www.eduvpn.org/client-apps/''' and install it.
# Review the Terms and Conditions, click "I Agree" and "Submit".
+
* After installing the eduVPN client, open the application.
# Click Choose File, select a public key (ends in .pub) and click "Upload"
+
* '''Search for and select the University of Florida''' (Not your institution, you are connecting to UF). You will be presented with an InCommon login page.
# Once the SSH key has been uploaded, the account request process will proceed. The sponsor will be notified of the account request and will need to approve the request. At that point, the HiPerGator account can be created.
+
* Now, select '''your institution''' from the dropdown and click on <code>Select</code>. This will forward you to your institution's SSO page.
 +
* After logging in, approve eduVPN access on the resulting page and close the web page. You will now be connected to our instance of eduVPN.
 +
 
 +
===SSH Connection===
 +
'''Note: ''' Your HiPerGator username will be indicated in the email you receive when your account is created.
 +
 
 +
SSH to hpg.rc.ufl.edu using an SSH key, whether from the initial key pair you establish during account creation or a new key pair you create at a later time.
 +
{{Note|'''Never share your private ssh keys''' even with Support staff. Your private ssh key works as your password and it must be kept in a non-shareable space.|warn}}
 +
 
 +
Command line: <code>ssh username@hpg.rc.ufl.edu</code>
 +
 
 +
See [[Using_SSH_Keys_To_Access_HPG]] for more details.

Latest revision as of 19:35, 19 August 2024

Video preview.png

If you're not affiliated with the University of Florida, you must go through the Federated Account Request procedure to establish a HiPerGator account before attempting to connect to or use HiPerGator resources and interfaces. As the result of the account creation process, you will have a Linux account on the cluster with an initial SSH key pair created for your SSH access.

For users from outside of the University of Florida, the procedure to access HiPerGator resources depends on whether the access is performed through a web interface or an SSH connection.

This video walks through the process of logging into HiPerGator using federated credentials. This process is also detailed below.

Web Interfaces

For access via web interfaces, UF Research Computing has established federated authentication so that users can access HiPerGator using their institutional credentials. We use the InCommon Discovery Service, which is available for most InCommon member institutions. You can verify that your institution provides federated authentication using the InCommon Community Organizations page and looking for the "Federation" tag. When you go to a protected web interface you will be redirected to the InCommon Federation Discovery page https://wayf.incommonfederation.org....

Incommon Discovery Service.png

where you will

  • Click on the 'Remember selection for this web browser session' if you would like to skip the InCommon organization selection step on the same computer for a while.
  • Select the organization you are affiliated with.
  • Enter your credentials after being redirected to your home institution's login service.

After a successful login you will be redirected back to the protected resource if your group has permissions to access it.

If you accidentally select the wrong university, you can delete the wayf.incommonfederation.org cookies from your browser. Exact steps differ by browser, but in general, open the Settings or Preferences, search for Cookies. View all the saved Cookies. Search for wayf.incommonfederation.org and delete those cookies.

Web Interfaces include:

SSH Connections

Only SSH key access is available for connections via ssh for federated HiPerGator users. It is not possible to use your username and password to connect via SSH as a federated user.

eduVPN Connection

EduVPN.png

To be able to access HiPerGator via SSH you will need to connect to the HiPerGator network via eduVPN first.

  • Download the latest version of the eduVPN client from https://www.eduvpn.org/client-apps/ and install it.
  • After installing the eduVPN client, open the application.
  • Search for and select the University of Florida (Not your institution, you are connecting to UF). You will be presented with an InCommon login page.
  • Now, select your institution from the dropdown and click on Select. This will forward you to your institution's SSO page.
  • After logging in, approve eduVPN access on the resulting page and close the web page. You will now be connected to our instance of eduVPN.

SSH Connection

Note: Your HiPerGator username will be indicated in the email you receive when your account is created.

SSH to hpg.rc.ufl.edu using an SSH key, whether from the initial key pair you establish during account creation or a new key pair you create at a later time.

Never share your private ssh keys even with Support staff. Your private ssh key works as your password and it must be kept in a non-shareable space.

Command line: ssh username@hpg.rc.ufl.edu

See Using_SSH_Keys_To_Access_HPG for more details.