Story #13255
Updated by Peter Amstutz almost 7 years ago
Currently, a user who authenticates for the first time to a "local" cluster using their existing account at a "remote" cluster (their "home" cluster) is automatically activated if
* Their account is active at their "home" cluster, *and*
* "Auto-activate new users" is enabled on the local cluster.
Otherwise, the user lands in an inactive account.
Options:
* auto activate federated remote accounts
* allow specific approval and activation of remote accounts
h2. Proposed behaviors
* API configuration disables local logins: when visiting the API server's login endpoint, redirect to the login endpoint of the default "home" cluster, user will still be (eventually) returned to "remote" workbench. "Home" API server needs to know to send a _salted_ token back to the remote workbench.
* Auto activate: list of cluster ids for which it honors the "is_active" flag (current behavior is to ignore the is_active flag and use the local cluster's autoactivate policy)