Versions Compared

Old Version 24

changes.mady.by.user Massimo Sgaravatto

Saved on

compared with

New Version 25

changes.mady.by.user Massimo Sgaravatto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To manage a user registration request, log as admin in the Dashboard and click on Admin → Identity panel → Registrations. You will see the list of the pending requests.

Select the relevant request and click on Action → Details to see all the information concerning the request 


Did the user register using an IdP? [2]

Supported IdPs are INFN-AAI and Unipd SSO

If a user registered via INFN-AAI, the proposed user name is something like user@infn.it. If the username is somehow weird (e.g. TF-18555@infn.it), before pre-checking the request, please contact the Servizio Calcolo @ INFN Padova to check if this is normal or if they need to fix something in the INFN-AAI account of this person)


You can check if a user registered via the Unipd Idp (Unipd SSO) if the proposed user name is something like user@unipd.it or user@studenti.unipd.it.


Since we want to avoid double registrations (e.g. a user with both INFN and Unipd account)  check also (using openstack user list --long) if that user is already registered (e.g. if there is already a user with that family name in the email or account name)



Could the user register using an IdP ? Or is this a "spam" [3]

If the user didn't try the registration using an IdP. In this case you should try to figure out if the user really can't register through a supported IDP.

  • To check if a user is registered in AAI you can refer to this info: http://wiki.infn.it/cn/ccr/aai/howto/useldap. In particular you can configure the AAI address book and search the user in that address book. Besides verifying that the user is in the address book, you have to also verify also that the placework (e.g. 'pd', 'lnl', etc.)is specified. This info should be among the "Work" related information.
  • UNIPD SSO: Unfortunately there are not blessed methods to figure out if a user is registered in the UniPd SSO (but in general all Unipd staff and all students should be registered in the Unipd SSO)


Other hints:

  • You can use this link to see if a user willing to register is known to INFN Padova (and also to know the expiration of his contract)


In general you might need to interact with the user (via e-mail) to understand why she didn't/she couldn't register using an IdP (and also to understand if the request is "valid" and is not a spam)


Reject request [4]

Select the relevant request and click on Action → Reject.

...

Is this request for a project using INFN resources ? [5]

A project used INFN resources if:

...

Is the user compliant with the INFN policies ? [6]

To be compliant with the INFN policies the user must be registered in INFN-AAI and:

...