Mailing List Archive: Mapping users of a particular user database under OpenAM(SSO) to a specific queue

Mapping users of a particular user database under OpenAM(SSO) to a specific queue

Nov 9, 2016, 4:58 AM

Post #1 of 4 (1154 views)

Hello members,

We also have a requirement of mapping users of a particular user database
under OpenAM(SSO) to a specific queue. This is required to enable users to
have access to a specific queue rather than all queues. The access need to
be enabled for creation of tickets and thereafter for listing his/her open
and closed tickets.

Please let me know if this is possible and steps to meet this requirement.

Maneesh Kumar

National PARAM Supercomputing Facility

HPC Infrastructure and Ecosystem Group
Centre for Development of Advanced Computing

-------------------------------------------------------------------------------------------------------------------------------
[. C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
-------------------------------------------------------------------------------------------------------------------------------

---------
RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: Mapping users of a particular user database under OpenAM(SSO) to a specific queue [ In reply to ]

darin at darins

Nov 9, 2016, 5:43 AM

Post #2 of 4 (1147 views)

Permalink

I don't see how you're going to be able to leverage OpenAM for this
when it's something that really needs to be done with RT's queue
permissions. I have to assume you're using the OpenAM web policy agent
for Apache, which is only going to allow you to permit/deny access
based on URI, which isn't how RT presents it's queues.

IMO you're complicating this by attempting to bolt on OpenAM onto
something that already provides very fine grained permission.
--
Later,
Darin

On Wed, Nov 9, 2016 at 7:58 AM, Maneesh Kumar <maneeshk@cdac.in> wrote:
> Hello members,
>
> We also have a requirement of mapping users of a particular user database
> under OpenAM(SSO) to a specific queue. This is required to enable users to
> have access to a specific queue rather than all queues. The access need to
> be enabled for creation of tickets and thereafter for listing his/her open
> and closed tickets.
>
> Please let me know if this is possible and steps to meet this requirement.
>
>
> Maneesh Kumar
>
>
> National PARAM Supercomputing Facility
>
> HPC Infrastructure and Ecosystem Group
> Centre for Development of Advanced Computing
>
> -------------------------------------------------------------------------------------------------------------------------------
> [. C-DAC is on Social-Media too. Kindly follow us at:
> Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]
>
> This e-mail is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information. If you are not the
> intended recipient, please contact the sender by reply e-mail and destroy
> all copies and the original message. Any unauthorized review, use,
> disclosure, dissemination, forwarding, printing or copying of this email
> is strictly prohibited and appropriate legal action will be taken.
> -------------------------------------------------------------------------------------------------------------------------------
>
> ---------
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Los Angeles - January 9-11 2017
---------
RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: Mapping users of a particular user database under OpenAM(SSO) to a specific queue [ In reply to ]

martin.wheldon at greenhills-it

Nov 9, 2016, 8:04 AM

Post #3 of 4 (1143 views)

Permalink

Hi Maneesh,

I'm not familiar with OpenAM, but you should be able to get this to do
the authentication by either SSO cookie or getting the web server to
populate the REMOTE_USER variable.

The following may help...

https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth/DBI/Cookie.html
https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth.html#CONFIGURATION
https://docs.bestpractical.com/rt/4.4.1/authentication.html#Via-your-web-server-aka-WebRemoteUserAuth-aka-REMOTE_USER

However you will need to create groups and configure group
access/permissions to the relevant queue(s) within RT.

Best Regards

Martin

On 2016-11-09 12:58, Maneesh Kumar wrote:
> Hello members,
>
> We also have a requirement of mapping users of a particular user
> database under OpenAM(SSO) to a specific queue. This is required to
> enable users to have access to a specific queue rather than all
> queues. The access need to be enabled for creation of tickets and
> thereafter for listing his/her open and closed tickets.
>
> Please let me know if this is possible and steps to meet this
> requirement.
>
>
> Maneesh Kumar
>
>
> National PARAM Supercomputing Facility
>
> HPC Infrastructure and Ecosystem Group
> Centre for Development of Advanced Computing
>
> -------------------------------------------------------------------------------------------------------------------------------
> [. C-DAC is on Social-Media too. Kindly follow us at:
> Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]
>
> This e-mail is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information. If you are not the
> intended recipient, please contact the sender by reply e-mail and
> destroy
> all copies and the original message. Any unauthorized review, use,
> disclosure, dissemination, forwarding, printing or copying of this
> email
> is strictly prohibited and appropriate legal action will be taken.
> -------------------------------------------------------------------------------------------------------------------------------
>
> ---------
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Los Angeles - January 9-11 2017
---------
RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: Mapping users of a particular user database under OpenAM(SSO) to a specific queue [ In reply to ]

martin.wheldon at greenhills-it

Nov 9, 2016, 8:19 AM

Post #4 of 4 (1143 views)

Permalink

Hi,

A quick google suggests that you may be looking for OpenAM web policy
agents

"Profile Attribute Fetch Mode"

Good luck..

Best Regards

Martin

On 2016-11-09 16:04, Martin Wheldon wrote:
> Hi Maneesh,
>
> I'm not familiar with OpenAM, but you should be able to get this to do
> the authentication by either SSO cookie or getting the web server to
> populate the REMOTE_USER variable.
>
> The following may help...
>
> https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth/DBI/Cookie.html
> https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth.html#CONFIGURATION
> https://docs.bestpractical.com/rt/4.4.1/authentication.html#Via-your-web-server-aka-WebRemoteUserAuth-aka-REMOTE_USER
>
> However you will need to create groups and configure group
> access/permissions to the relevant queue(s) within RT.
>
> Best Regards
>
> Martin
>
> On 2016-11-09 12:58, Maneesh Kumar wrote:
>> Hello members,
>>
>> We also have a requirement of mapping users of a particular user
>> database under OpenAM(SSO) to a specific queue. This is required to
>> enable users to have access to a specific queue rather than all
>> queues. The access need to be enabled for creation of tickets and
>> thereafter for listing his/her open and closed tickets.
>>
>> Please let me know if this is possible and steps to meet this
>> requirement.
>>
>>
>> Maneesh Kumar
>>
>>
>> National PARAM Supercomputing Facility
>>
>> HPC Infrastructure and Ecosystem Group
>> Centre for Development of Advanced Computing
>>
>> -------------------------------------------------------------------------------------------------------------------------------
>> [. C-DAC is on Social-Media too. Kindly follow us at:
>> Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]
>>
>> This e-mail is for the sole use of the intended recipient(s) and may
>> contain confidential and privileged information. If you are not the
>> intended recipient, please contact the sender by reply e-mail and
>> destroy
>> all copies and the original message. Any unauthorized review, use,
>> disclosure, dissemination, forwarding, printing or copying of this
>> email
>> is strictly prohibited and appropriate legal action will be taken.
>> -------------------------------------------------------------------------------------------------------------------------------
>>
>> ---------
>> RT 4.4 and RTIR training sessions, and a new workshop day!
>> https://bestpractical.com/training
>> * Los Angeles - January 9-11 2017
> ---------
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Los Angeles - January 9-11 2017
---------
RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training
* Los Angeles - January 9-11 2017