Mapping users of a particular user database under OpenAM(SSO) to a specific queue

Hello members,

We also have a requirement of mapping users of a particular user database
under OpenAM(SSO) to a specific queue. This is required to enable users to
have access to a specific queue rather than all queues. The access need to
be enabled for creation of tickets and thereafter for listing his/her open
and closed tickets.

Please let me know if this is possible and steps to meet this requirement.

Maneesh Kumar

National PARAM Supercomputing Facility

HPC Infrastructure and Ecosystem Group
Centre for Development of Advanced Computing

[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.

I don’t see how you’re going to be able to leverage OpenAM for this
when it’s something that really needs to be done with RT’s queue
permissions. I have to assume you’re using the OpenAM web policy agent
for Apache, which is only going to allow you to permit/deny access
based on URI, which isn’t how RT presents it’s queues.

IMO you’re complicating this by attempting to bolt on OpenAM onto
something that already provides very fine grained permission.
Later,
DarinOn Wed, Nov 9, 2016 at 7:58 AM, Maneesh Kumar maneeshk@cdac.in wrote:

Hello members,

We also have a requirement of mapping users of a particular user database
under OpenAM(SSO) to a specific queue. This is required to enable users to
have access to a specific queue rather than all queues. The access need to
be enabled for creation of tickets and thereafter for listing his/her open
and closed tickets.

Please let me know if this is possible and steps to meet this requirement.

Maneesh Kumar

National PARAM Supercomputing Facility

HPC Infrastructure and Ecosystem Group
Centre for Development of Advanced Computing


[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.


RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training

  • Los Angeles - January 9-11 2017

Hi Maneesh,

I’m not familiar with OpenAM, but you should be able to get this to do
the authentication by either SSO cookie or getting the web server to
populate the REMOTE_USER variable.

The following may help…

https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth/DBI/Cookie.html
https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth.html#CONFIGURATION
https://docs.bestpractical.com/rt/4.4.1/authentication.html#Via-your-web-server-aka-WebRemoteUserAuth-aka-REMOTE_USER

However you will need to create groups and configure group
access/permissions to the relevant queue(s) within RT.

Best Regards

MartinOn 2016-11-09 12:58, Maneesh Kumar wrote:

Hello members,

We also have a requirement of mapping users of a particular user
database under OpenAM(SSO) to a specific queue. This is required to
enable users to have access to a specific queue rather than all
queues. The access need to be enabled for creation of tickets and
thereafter for listing his/her open and closed tickets.

Please let me know if this is possible and steps to meet this
requirement.

Maneesh Kumar

National PARAM Supercomputing Facility

HPC Infrastructure and Ecosystem Group
Centre for Development of Advanced Computing


[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and
destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this
email
is strictly prohibited and appropriate legal action will be taken.


RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training

  • Los Angeles - January 9-11 2017

Hi,

A quick google suggests that you may be looking for OpenAM web policy
agents

“Profile Attribute Fetch Mode”

Good luck…

Best Regards

MartinOn 2016-11-09 16:04, Martin Wheldon wrote:

Hi Maneesh,

I’m not familiar with OpenAM, but you should be able to get this to do
the authentication by either SSO cookie or getting the web server to
populate the REMOTE_USER variable.

The following may help…

https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth/DBI/Cookie.html
https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth.html#CONFIGURATION
https://docs.bestpractical.com/rt/4.4.1/authentication.html#Via-your-web-server-aka-WebRemoteUserAuth-aka-REMOTE_USER

However you will need to create groups and configure group
access/permissions to the relevant queue(s) within RT.

Best Regards

Martin

On 2016-11-09 12:58, Maneesh Kumar wrote:

Hello members,

We also have a requirement of mapping users of a particular user
database under OpenAM(SSO) to a specific queue. This is required to
enable users to have access to a specific queue rather than all
queues. The access need to be enabled for creation of tickets and
thereafter for listing his/her open and closed tickets.

Please let me know if this is possible and steps to meet this
requirement.

Maneesh Kumar

National PARAM Supercomputing Facility

HPC Infrastructure and Ecosystem Group
Centre for Development of Advanced Computing


[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and
destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this
email
is strictly prohibited and appropriate legal action will be taken.


RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training

  • Los Angeles - January 9-11 2017

RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training

  • Los Angeles - January 9-11 2017