We have a traditional grid deployment where each user has been issued a long-lived X.509 credential. Do each of the identity providers in our grid federation need to install GridShib for Shibboleth?
Yes, in this case GridShib for Shibboleth is used to manage name mappings at the identity provider. Each user’s distinguished name (DN) is stored in a file or table so that the attribute authority can map the DN to a local principal name. To avoid having to install GridShib for Shibboleth at each IdP, an IdP Proxy may be used. IdP Proxy implementations include myVocs (a service) and myVocs box (an appliance).
Related Questions
- We have a traditional grid deployment where each user has been issued a long-lived X.509 credential. Do each of the identity providers in our grid federation need to install GridShib for Shibboleth?
- Does an administrator at the identity provider need to maintain a name mapping for each user in the grid federation?
- Does deployment rely on user access rights?