As a user who has never signed up or logged in before, I should be able to use a set of credentials from a pre-approved external service like Github or NCSA Kerberos to log into the platform.
- User has selected "Sign in with ____" link from home page
- Workbench does not yet have any "account" in etcd for this user
- On the SSO page, the user selects "Sign in with _______" (for some IDP that is supported by CILogon)
- User is redirected to an application-specific IDP approval page (i.e. "Authorize NDS Labs to access your ______ account")
- If user approves access, an NDS Labs account (aka "shadow record") is created in etcd in a pending/unapproved state. The new account then follows the normal approval workflow.
- After account is approved by admin, user receives notification and is able to login to the system with their Oauth IDP credentials
- User does not choose to approve/ grant access for Workbench to use application information
Supported CILogon login methods include:
- Shibboleth (i.e. universities)