REVIEW-17: SDIACT-122 Incremental SSO Hub fixes and enhancements - Joint SD&I Test and Operations Readiness Review

The Single Sign On (SSO) login hub provides a single point-of-entry to the XSEDE cyberinfrastructure. Users authenticate to the SSO Hub using their XSEDE User Portal (XUP) username and password and can then GSI-SSH to SP login nodes. SDIACT-122 provides an incremental update to the SSO Hub and updates the base OS from CentOS 6 to CentOS 7 and provides host aliases to make it easier for users to access SP login nodes.

• (Tabitha) Add a grace period for users with inactive projects?
  • SSO hub queries XDCDB for information – suggest the change be requested in XDCDB
• (David) Include PSC CA updates so no issues with PSC MyProxy
  • The PSC MyProxy CA is a separate, IGTF-accredited CA with its own self-signed root - and does not depend on the legacy PSC Root CA nor the PSC Hosts CA for its certificates.
  • The published PSC MyProxy CA certificate was updated recently to extend its lifetime to February 2026. This will get installed as soon as the new XSEDE CA certificates tarball is released.
• (David) Remove old openssl098e-0.9.8e-29.el7.centos.2.x86_64 RPM
  • Done
• (David) Wrong name of host in test plan
  • Fixed

Documentation

• Introduction
  • https://portal.xsede.org/single-sign-on-hub
• Design/Security overview
  • Security and General Design Description
• Installation guide
  • n/a (already deployed on test-iu.login.xsede.org)
  • An admin guide is being developed and will be provided before the testing for this activity completes. We will ask the testers to review it for clarity when it is ready. The admin guide is not needed for testing.
• Deployment Plan
  • https://software.xsede.org/svn/sdi/activities/sdiact-122/trunk/Plans/SDIACT-122_DeploymentPlan.docx
• User guide
  • User Guide modifications
• Defect, issue, and risk reporting
  • See SDIACT-122 test plan below
• Acceptance test plan
  • Test Plan
• Testing resources
  • test-login.iu.xsede.org

Package information: All software packages (e.g., server and client packages) for this CI are listed.

Documentation and Installation instructions: The deployment plan for this CI on XSEDE is clearly described as well as the installation instructions and any XSEDE specific configuration instructions.

Test environment and facilities: The test environment needed to adequately to validate this component is described. Should indicate also whether testing can be performed within a VM and if not, the reasons for it.

Assumptions: Lists any assumptions needed before testing can begin (e.g., accounts needed).

Test procedures, cases, and scenarios: Lists the tests that should be run or an associated test suite and expected performance metrics if applicable.

Defect, issue, and risk reporting: Deployment plans should include defect and issue reporting information. The testing plan could reference that same information from the deployment plan, or provide alternate information if defects and issues need to be reported differently during testing. Risks, as well as defects and issues, should be part of the testing report.