Difference between revisions of "Federated login"
Moskalenko (talk | contribs) |
|||
(24 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
+ | __NOTOC__ | ||
+ | [[File:Video preview.png|frameless| right |link=https://mediasite.video.ufl.edu/Mediasite/Play/e1c6a465399e4b609ef0f6b0db03d40d1d]] | ||
+ | If you're not affiliated with the University of Florida, you must go through the [[Federated Account Request]] procedure to establish a HiPerGator account before attempting to connect to or use HiPerGator resources and interfaces. As the result of the account creation process, you will have a Linux account on the cluster with an initial SSH key pair created for your SSH access. | ||
− | For users outside of the University of Florida, | + | For users from outside of the University of Florida, the procedure to access HiPerGator resources depends on whether the access is performed through a web interface or an SSH connection. |
− | + | This video walks through the process of logging into HiPerGator using federated credentials. This process is also detailed below. | |
− | + | ==Web Interfaces== | |
+ | For access via web interfaces, UF Research Computing has established federated authentication so that users can access HiPerGator using their institutional credentials. We use the InCommon Discovery Service, which is available for most [https://incommon.org/ InCommon member institutions]. You can verify that your institution provides federated authentication using [https://incommon.org/community-organizations/ the InCommon Community Organizations page] and looking for the "Federation" tag. When you go to a protected web interface you will be redirected to the InCommon Federation Discovery page <code>https://wayf.incommonfederation.org....</code> [[File:Incommon Discovery Service.png|thumb]] where you will | ||
+ | * Click on the 'Remember selection for this web browser session' if you would like to skip the InCommon organization selection step on the same computer for a while. | ||
+ | * Select the organization you are affiliated with. | ||
+ | * Enter your credentials after being redirected to your home institution's login service. | ||
+ | After a successful login you will be redirected back to the protected resource if your group has permissions to access it. | ||
− | + | {{Note|If you accidentally select the wrong university, you can delete the wayf.incommonfederation.org cookies from your browser. Exact steps differ by browser, but in general, open the Settings or Preferences, search for Cookies. View all the saved Cookies. Search for wayf.incommonfederation.org and delete those cookies.|reminder}} | |
− | + | Web Interfaces include: | |
− | + | * https://ood.rc.ufl.edu | |
− | + | * https://jhub.rc.ufl.edu | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | == | + | ==SSH Connections== |
+ | Only SSH '''key''' access is available for connections via ssh for federated HiPerGator users. It is ''not'' possible to use your username and password to connect via SSH as a federated user. | ||
− | + | ===eduVPN Connection=== | |
− | + | [[File:EduVPN.png|frameless|right]] | |
− | + | To be able to access HiPerGator via SSH you will need to connect to the HiPerGator network via eduVPN first. | |
− | |||
− | |||
− | + | * Download the latest version of the eduVPN client from '''https://www.eduvpn.org/client-apps/''' and install it. | |
− | + | * After installing the eduVPN client, open the application. | |
− | + | * '''Search for and select the University of Florida''' (Not your institution, you are connecting to UF). You will be presented with an InCommon login page. | |
− | + | * Now, select '''your institution''' from the dropdown and click on <code>Select</code>. This will forward you to your institution's SSO page. | |
+ | * After logging in, approve eduVPN access on the resulting page and close the web page. You will now be connected to our instance of eduVPN. | ||
+ | |||
+ | ===SSH Connection=== | ||
+ | '''Note: ''' Your HiPerGator username will be indicated in the email you receive when your account is created. | ||
+ | |||
+ | SSH to hpg.rc.ufl.edu using an SSH key, whether from the initial key pair you establish during account creation or a new key pair you create at a later time. | ||
+ | {{Note|'''Never share your private ssh keys''' even with Support staff. Your private ssh key works as your password and it must be kept in a non-shareable space.|warn}} | ||
+ | |||
+ | Command line: <code>ssh username@hpg.rc.ufl.edu</code> | ||
+ | |||
+ | See [[Using_SSH_Keys_To_Access_HPG]] for more details. |
Latest revision as of 19:35, 19 August 2024
If you're not affiliated with the University of Florida, you must go through the Federated Account Request procedure to establish a HiPerGator account before attempting to connect to or use HiPerGator resources and interfaces. As the result of the account creation process, you will have a Linux account on the cluster with an initial SSH key pair created for your SSH access.
For users from outside of the University of Florida, the procedure to access HiPerGator resources depends on whether the access is performed through a web interface or an SSH connection.
This video walks through the process of logging into HiPerGator using federated credentials. This process is also detailed below.
Web Interfaces
For access via web interfaces, UF Research Computing has established federated authentication so that users can access HiPerGator using their institutional credentials. We use the InCommon Discovery Service, which is available for most InCommon member institutions. You can verify that your institution provides federated authentication using the InCommon Community Organizations page and looking for the "Federation" tag. When you go to a protected web interface you will be redirected to the InCommon Federation Discovery page https://wayf.incommonfederation.org....
where you will
- Click on the 'Remember selection for this web browser session' if you would like to skip the InCommon organization selection step on the same computer for a while.
- Select the organization you are affiliated with.
- Enter your credentials after being redirected to your home institution's login service.
After a successful login you will be redirected back to the protected resource if your group has permissions to access it.
Web Interfaces include:
SSH Connections
Only SSH key access is available for connections via ssh for federated HiPerGator users. It is not possible to use your username and password to connect via SSH as a federated user.
eduVPN Connection
To be able to access HiPerGator via SSH you will need to connect to the HiPerGator network via eduVPN first.
- Download the latest version of the eduVPN client from https://www.eduvpn.org/client-apps/ and install it.
- After installing the eduVPN client, open the application.
- Search for and select the University of Florida (Not your institution, you are connecting to UF). You will be presented with an InCommon login page.
- Now, select your institution from the dropdown and click on
Select
. This will forward you to your institution's SSO page. - After logging in, approve eduVPN access on the resulting page and close the web page. You will now be connected to our instance of eduVPN.
SSH Connection
Note: Your HiPerGator username will be indicated in the email you receive when your account is created.
SSH to hpg.rc.ufl.edu using an SSH key, whether from the initial key pair you establish during account creation or a new key pair you create at a later time.
Command line: ssh username@hpg.rc.ufl.edu
See Using_SSH_Keys_To_Access_HPG for more details.