Single Sign On (SSO) Hub

XSEDE now supports a Single Sign On (SSO) login hub, login.xsede.org, a single point-of-entry to the XSEDE cyberinfrastructure. Upon logging into the hub with your XSEDE User Portal (XUP) username and password, a 12 hour proxy certificate is automatically generated, allowing you to access XSEDE resources for the duration of the proxy. You may then gsissh to any XSEDE compute resource without the need for a resource-specific username and password.

You may view a complete listing of their XSEDE resource accounts in the XSEDE User Portal under the MyXSEDE->Accounts menu item. For any and all account related questions and problems, please submit an XSEDE helpdesk ticket.

The XSEDE SSO hub accepts only standard SSH incoming connections. Use of SSH keys is not allowed as this would interfere with the authentication mechanism.

Users are limited to 100MB of storage on the hub. Data is NOT backed up. Please use your allocated storage resources for data storage. The XSEDE storage resources are not accessible via the SSO hub.

Login to the SSO Hub

To login to the XSEDE SSO Hub, use your SSH client to start an SSH session on login.xsede.org with your XSEDE User Portal username and password:

localhost$ ssh -l XUPusername login.xsede.org

If you have registered with the XSEDE DUO service for additional authentication, you will be prompted to authenticate yourself further using DUO and your DUO client app, token or other contact method.

Once logged onto the hub, then use the "gsissh" utility to login to any XSEDE HPC system where you have an account. To simplify access to XSEDE HPC systems, host aliases and settings have been defined in the default gsissh client configuration on the SSO Hub. This means that you can use gsissh to login to XSEDE HPC systems by referring only to their short Host alias name, e.g.,

[XUPusername@ssohub ~]$ gsissh bridges

A current list of these gsissh host aliases is provided in the "message of the day" (/etc/motd) file displayed upon login, or by executing the "xsede-gsissh-hosts" command on the XSEDE SSO Hub. (See example below.)

Checking the Status of and Renewing your X.509 Credential on the SSO Hub

The X.509 credential obtained on your behalf upon SSH login to the SSO Hub has a 12-hour validity period by default. You can check the remaining validity of this credential with the "grid-proxy-info" command.

To renew your X.509 credential while logged into the SSO Hub, use the "myproxy-logon" command; when prompted, enter your XSEDE User Portal password. (See example below.)

SSO Hub Example Work Session

In the example session below, we illustrate login to the XSEDE SSO Hub using a command-line SSH client:

Our user, Dr. Jane User, PhD, uses ssh to log in to the XSEDE SSO Hub. From there she uses the gsissh utility to login to her account on Bridges at PSC. After exiting from Bridges and returning to the SSO Hub, she examines the status of her X.509 credential using grid-proxy-info and then renews it using myproxy-logon. After listing the currently available gsissh host aliases using the xsede-gsissh-hosts command, Dr. Jane uses gsissh to login to her account on Wrangler (at TACC). Finally Dr. Jane exits the TACC Wrangler system, returning to the SSO Hub, and then exits the SSO Hub to return to her local workstation.

[my-local-workstation:~ DrJanePhD]$ ssh -l JaneXUPuser login.xsede.org
...
#  Welcome to the XSEDE Single Sign-On (SSO) Hub!
...
[JaneXUPuser@ssohub ~]$ grid-proxy-info
subject  : /C=US/O=National Center for Supercomputing Applications/CN=Dr Jane User PhD
issuer   : /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=MyProxy CA 2013
identity : /C=US/O=National Center for Supercomputing Applications/CN=Dr Jane User PhD
type     : end entity credential
strength : 2048 bits
path     : /tmp/x509up_u999
timeleft : 11:59:43

[JaneXUPuser@ssohub ~]$ gsissh bridges
...
You have connected to br005.pvt.bridges.psc.edu 
...
[janeBridgesUser@br005:~]$ Do science...
[janeBridgesUser@br005:~]$ exit
logout
Connection to bridges.psc.edu closed.

[JaneXUPuser@ssohub ~]$ grid-proxy-info
subject  : /C=US/O=National Center for Supercomputing Applications/CN=Dr Jane User PhD
issuer   : /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=MyProxy CA 2013
identity : /C=US/O=National Center for Supercomputing Applications/CN=Dr Jane User PhD
type     : end entity credential
strength : 2048 bits
path     : /tmp/x509up_u999
timeleft : 0:33:17

[JaneXUPuser@ssohub ~]$ myproxy-logon
Enter MyProxy pass phrase:
A credential has been received for user dsimmel in /tmp/x509up_u999.

[JaneXUPuser@ssohub ~]$ grid-proxy-info
subject  : /C=US/O=National Center for Supercomputing Applications/CN=Dr Jane User PhD
issuer   : /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=MyProxy CA 2013
identity : /C=US/O=National Center for Supercomputing Applications/CN=Dr Jane User PhD
type     : end entity credential
strength : 2048 bits
path     : /tmp/x509up_u999
timeleft : 11:59:54

[JaneXUPuser@ssohub ~]$ xsede-gsissh-hosts
bridges
comet
darter
gordon
greenfield
mason
maverick
osg
stampede
stampede-knl
supermic
wrangler-iu
wrangler-tacc
xstream

[JaneXUPuser@ssohub ~]$ gsissh wrangler-tacc
------------------------------------------------------------------------------
			Welcome to the Wrangler Supercomputer
	Texas Advanced Computing Center, The University of Texas at Austin
------------------------------------------------------------------------------
...
login1.wrangler(1)$ grid-proxy-info
subject  : /C=US/O=National Center for Supercomputing Applications/CN=Dr Jane User PhD/CN=1703678490
issuer   : /C=US/O=National Center for Supercomputing Applications/CN=Dr Jane User PhD
identity : /C=US/O=National Center for Supercomputing Applications/CN=Dr Jane User PhD
type     : RFC 3820 compliant impersonation proxy
strength : 2048 bits
path     : /tmp/x509up_p32561.fileb4LyLA.1
timeleft : 11:57:19

login1.wrangler(2)$ Do more science...
login1.wrangler(3)$ exit
logout
Connection to wrangler.tacc.xsede.org closed.

[JaneXUPuser@ssohub ~]$ exit
logout
Connection to login.xsede.org closed.

[my-local-workstation:~ DrJanePhD]$ 

References

Last update: November 3, 2016