CI Logon

Danying Shao edited this page Sep 7, 2023 · 5 revisions

CILogon provides a standards-compliant OpenID Connect (OAuth 2.0) interface; see https://www.cilogon.org/oidc

Client Registration

Register your app at https://cilogon.org/oauth2/register

Check "org.cilogon.userinfo" in the scopes section.

Take a note of the callback url that you submitted (e.g. https://thanos.vmhost.psu.edu/valid/redirect_uri).

Record the client identifier and client secret.

You will receive an email from CILogon once your app is approved.

Update pegr configuration

Go to the pegr configuration file, e.g. /usr/local/pegr/pegr-config.properties, and set

# <HOST> is the public host name of the Apache front end (e.g. https://thanos.vmhost.psu.edu)
sso.url=<HOST>/sso
# pegr reads the authenticated user from a request header set by mod_auth_openidc
sso.type=Header
sso.principle=OIDC_CLAIM_eppn

Install mod_auth_openidc on Apache HTTPD 2.x

  1. Download cjose from https://github.com/OpenIDC/mod_auth_openidc/releases/download/v2.4.0/cjose-0.6.1.5-2.el7.x86_64.rpm and install

    $ sudo rpm -ivh cjose-0.6.1.5-2.el8.x86_64.rpm

  2. Download hiredis from http://rpmfind.net/linux/remi/enterprise/8/remi/x86_64/hiredis-0.13.3-9.el8.remi.x86_64.rpm and install

    $ sudo rpm -ivh hiredis-0.13.3-9.el8.remi.x86_64.rpm

  3. Download openidc mod from https://github.com/OpenIDC/mod_auth_openidc/releases/download/v2.4.14.2/mod_auth_openidc-2.4.14.2-1.el8.x86_64.rpm and install

    $ sudo rpm -ivh mod_auth_openidc-2.4.14.2-1.el8.x86_64.rpm

Update httpd configuration

Create file /etc/httpd/openidc.d/openidc.conf

#LoadModule auth_openidc_module modules/mod_auth_openidc.so
OIDCProviderMetadataURL https://cilogon.org/.well-known/openid-configuration
# org.cilogon.userinfo is the scope that returns the eppn claim pegr uses as principal
OIDCScope "openid email profile org.cilogon.userinfo"

# Replace the placeholders with the client ID and secret from the registration email;
# the passphrase is a value you choose to encrypt the module's session cache
OIDCClientID "cilogon:/client_id/XXXXXXXXXXXXXXXXXXXX"
OIDCClientSecret "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
OIDCCryptoPassphrase "XXXXXXXXXXXXXXXXXX"

# For debugging/seeing session info. Can be removed for production:
OIDCInfoHook iat access_token access_token_expires id_token userinfo refresh_token session

# Must match the callback URL submitted at registration and sit under a protected Location
OIDCRedirectURI https://thanos.vmhost.psu.edu/valid/redirect_uri

<Location /valid>
  AuthType openid-connect
  Require valid-user
</Location>

<Location /sso>
  AuthType openid-connect
  Require valid-user
</Location>

<Location /pegr>
  AuthType openid-connect
  Require valid-user
  OIDCUnAuthAction pass
</Location>
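To catch the usual mistakes before reloading httpd, here is an added Python check for the openidc.conf above (my example, not code from pegr or mod_auth_openidc). It embeds a constructed copy of the file with the wiki placeholders still in place and flags unreplaced placeholders, a leftover OIDCInfoHook, a missing org.cilogon.userinfo scope, and a redirect URI outside any openid-connect Location.

```python
import re
# Constructed sample: the openidc.conf from this page, still holding its placeholders.
SAMPLE_CONF = """\
OIDCScope "openid email profile org.cilogon.userinfo"
OIDCClientID "cilogon:/client_id/XXXXXXXXXXXXXXXXXXXX"
OIDCClientSecret "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
OIDCCryptoPassphrase "XXXXXXXXXXXXXXXXXX"
OIDCInfoHook iat access_token id_token userinfo refresh_token session
OIDCRedirectURI https://thanos.vmhost.psu.edu/valid/redirect_uri
<Location /valid>
  AuthType openid-connect
  Require valid-user
</Location>
"""

def parse_conf(text):
    """Split an httpd-style config into global directives and per-<Location> directives."""
    global_d, locations, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "</Location>":
            current = None
        elif m := re.fullmatch(r"<Location\s+(\S+)\s*>", line):
            current = locations.setdefault(m.group(1), {})
        else:
            key, _, value = line.partition(" ")
            (global_d if current is None else current)[key] = value.strip().strip('"')
    return global_d, locations

def check_conf(text):
    """Return the findings a reviewer would raise before this file goes live."""
    g, locs = parse_conf(text)
    findings = []
    for key in ("OIDCClientID", "OIDCClientSecret", "OIDCCryptoPassphrase"):
        if re.search(r"X{8,}$", g.get(key, "")):
            findings.append(f"{key} still contains the wiki placeholder")
    if "OIDCInfoHook" in g:
        findings.append("OIDCInfoHook exposes tokens and session data; drop it for production")
    scopes = g.get("OIDCScope", "").split()
    if "openid" not in scopes or "org.cilogon.userinfo" not in scopes:
        findings.append("OIDCScope must include openid and org.cilogon.userinfo (eppn claim)")
    # mod_auth_openidc requires the redirect URI to live inside a Location it protects
    path = re.sub(r"^https?://[^/]+", "", g.get("OIDCRedirectURI", ""))
    protected = [p for p, d in locs.items() if d.get("AuthType") == "openid-connect"]
    if not any(path.startswith(p.rstrip("/") + "/") for p in protected):
        findings.append("OIDCRedirectURI is not under a Location with AuthType openid-connect")
    return findings
```

Run it against /etc/httpd/openidc.d/openidc.conf with `check_conf(open(path).read())`; an empty list means the four checks passed.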