Project

General

Profile

Story #13255

Updated by Peter Amstutz almost 7 years ago

Currently, a user who authenticates for the first time to a "local" cluster using their existing account at a "remote" cluster (their "home" cluster) is automatically activated if 
 * Their account is active at their "home" cluster, *and* 
 * "Auto-activate new users" is enabled on the local cluster. 

 Otherwise, the user lands in an inactive account. 

 Options: 
 * auto activate federated remote accounts 
 * allow specific approval and activation of remote accounts 


 h2. Proposed behaviors 

 * API configuration disables local logins: when visiting the API server's login endpoint, redirect to the login endpoint of the default "home" cluster, user will still be (eventually) returned to "remote" workbench.    "Home" API server needs to know to send a _salted_ token back to the remote workbench. 
 * Auto activate: list of cluster ids for which it honors the "is_active" flag (current behavior is to ignore the is_active flag and use the local cluster's autoactivate policy) 

Back