03-19, 17:10–17:20 (US/Eastern), Tsai Auditorium (CGIS S010)
Secure and efficient access to High-Performance Computing (HPC) resources is critical for enabling scientific and technical innovation. Open OnDemand (OOD), a widely used web-based HPC access portal, simplifies user interactions with cluster resources. However, traditional authentication methods often present challenges, including limited scalability, complex configurations, and security vulnerabilities. Integrating Security Assertion Markup Language (SAML)-based authentication with OOD addresses these challenges by leveraging federated identity providers for seamless and secure single sign-on (SSO). This approach enables researchers and institutions to utilize existing identity management systems, ensuring compliance with organizational policies while streamlining user access. The present
High-Performance Computing (HPC) clusters play a pivotal role in scientific and biomedical research, engineering, and data-intensive applications. Open OnDemand (OOD), an open-source web portal, is being optimized at our HPC centers to provide quicker access to HPC resources and offer a user-friendly interface to access computing resources, submit jobs, and monitor workflows. However, ensuring secure, scalable, and user-friendly authentication is a critical challenge, especially in environments where diverse users from multiple institutions need access.
Security Assertion Markup Language (SAML) authentication provides a robust solution for managing access to HPC clusters through federated identity systems. By integrating SAML with Open OnDemand, users can utilize single sign-on (SSO) capabilities, enabling seamless access across multiple services while relying on their institution's identity provider (IdP) for secure authentication. This reduces the need for maintaining separate credentials and simplifies access management for system administrators.
Implementing SAML authentication in OOD involves configuring the portal to communicate with SAML-compliant IdPs, such as Shibboleth, and mapping user identities to cluster resources. This integration requires careful consideration of security policies, attribute mapping, and access control mechanisms to ensure secure operation in shared, multi-user environments.
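The identity-mapping step described above, as an added example (not code from the talk or from Open OnDemand): it maps a scoped federated identifier of the form `user@scope` to a local cluster account and fails closed on anything unexpected. The trusted scopes, account prefix, reserved-account list and the choice to lowercase names are hypothetical assumptions.

```python
import re

# Assumptions (hypothetical, not from the talk): scopes the site trusts and
# the local account prefix given to users from each partner institution.
TRUSTED_SCOPES = {"mak.example": "", "usttb.example": "ml_"}
# Conservative POSIX-style login name: lowercase start, at most 32 characters.
LOCAL_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
# Hypothetical list of accounts a federated login must never resolve to.
RESERVED = {"root", "slurm", "apache", "nobody"}


def map_identity(remote_user, trusted=TRUSTED_SCOPES):
    """Return the local cluster account for a scoped SAML identifier, or None.

    Fails closed: anything unexpected yields None so the portal denies access
    instead of guessing an account.
    """
    if not isinstance(remote_user, str) or remote_user.count("@") != 1:
        return None
    local, scope = remote_user.split("@")
    # Scope comparison is exact and case-insensitive; no suffix matching,
    # so "mak.example.evil.test" never matches "mak.example".
    prefix = trusted.get(scope.lower())
    if prefix is None:
        return None
    candidate = prefix + local.lower()
    # fullmatch rejects path separators, whitespace and shell metacharacters.
    if not LOCAL_NAME.fullmatch(candidate):
        return None
    # Never map a federated user onto a privileged or service account.
    if candidate in RESERVED:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample identifiers, not real users.
    for sample in ["Jdoe@mak.example", "atraore@usttb.example",
                   "jdoe@mak.example.evil.test", "root@mak.example",
                   "../etc@mak.example", "jdoe"]:
        print(f"{sample!r:35} -> {map_identity(sample)!r}")
```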
The adoption of SAML authentication with Open OnDemand offers significant benefits, including enhanced security, improved user experience, scalability, and streamlined administration.
This approach is particularly valuable in collaborative research environments where multiple institutions share access to HPC resources. By leveraging federated identity systems, SAML-enabled Open OnDemand enhances the usability and security of HPC clusters, making them more accessible to a broader user community.
We present how this has been implemented at the HPC clusters at the Africa Centers of Excellence (ACE) in Bioinformatics and Data-Intensive Science, both in East Africa, at Makerere University, Kampala, Uganda, and in West Africa, at the University of Science, Technique and Technology, Bamako, Mali.
Rodgers Kimera holds a BSc in Computer Engineering from Busitema University, Uganda, and an MSc in Computer Science from Victoria University, Uganda. In 2019, while working as a System Engineer with RDCT, Rodgers was the lead person in setting up the High-Performance Computing (HPC) infrastructure at ACE Uganda and ACE Mali, from which he has gained significant experience in Linux systems, using open-source tools for HPC environments, configuring workload managers (especially SLURM), and configuring and managing HPC systems as well as the physical hardware configuration.
Currently Rodgers is still working with NIAID/NIH/RDCT as the Lead HPC Engineer and is responsible for deploying and maintaining several scientific software tools an