[ENG-1429] [OSF Institutions] Shared SSO and The Policy Lab

[cslzchen]

Purpose

• Implement a feature that different institutions can share the same SSO
• Add the thepolicylab to prod using brown's SSO of type saml-shib

Changes

• Use a hard-coded map for identifying secondary institutions, which is an easy solution for now without re-design the institution model.
• As long as brown SSO succeeds, the authentication is successful. Errors with secondary institution only prevents the extra affiliation of the secondary one.
• Both institutions will be affiliated for thepolicylab users, which is a Product suggestion.
• Added API tests to cover both major and corner cases
• Integration tests with [ENG-1429] [OSF Institutions] Shared SSO and The Policy Lab cas-overlay#189 passed as well

DevOps Notes

OSF

Run the script to add thepolicylab to prod institutions.

python3 -m scripts.populate_institutions -e prod -i thepolicylab

There is no need to update the test server.

Shibboleth

Add the following line to the file attribute-map.xml.

<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" id="isMemberOf"/>

CAS

Add the following line to the brown block in the institutions-auth.xsl file.

<isMemberOf><xsl:value-of select="//attribute[@name='isMemberOf']/@value"/></isMemberOf>

QA Notes

N / A

Documentation

N / A

Side Effects

N / A

Ticket

https://openscience.atlassian.net/browse/ENG-1429