Compute Canada Federation Identity Management Projects
Compute Canada Networking & Subatomic Physics National Team F2F - TECC
Darren Boss - Compute Canada Federation
LDAP
Puppet managed OpenLDAP replicas
Application of ACLs
TLS/SSL Certificate
Schema Updates
Pseudo Users and Platform Nodes
SAML IdP
Dockerized deployment of Shibboleth IdP
Federation with CAF and eduGAIN
Only staff accounts are allowed for federated SP logins
Support for R&S Entity Category in CAF and eduGAIN
Looking at adding Sirtfi
Kubernetes deployment
IdP deployment for production and test
Configuration clone from git on deploy
Test Service Provider deployments
Using replicas and rolling upgrades
Monitoring
ELK stack and Grafana deployed
Filebeat log shipper
OpenID Connect
Identity layer on top of the OAuth 2.0 protocol
Puppet deployed MITREid single instance running
Will likely switch to using Shibboleth OIDC when support is incorporated
Only in use for Kubernetes
Grouper
Access management system
Manage groups, roles and permissions
Provision to LDAP, SCIM, G Suite and more
Test deployments using LDAP and CCDB directly for subject source