Notice ID: 75N95023Q00097
Description
The NCATS’ Rare Disease Clinical Research Network (RDCRN) wishes to integrate their single sign-on (SSO) solution into the Cavatica Platform. The Cavatica Platform is a commercial data analysis and sharing platform used by researchers to share access to pediatric genomics data. SSO will allow RDCRN users to sign in from their home organization rather than maintain a separate sign-on identify with Cavatica. Cavatica is funded in part by grants from the NIH Common Fund. The RDCRN runs Shibboleth IdP, running in a proxy mode relying on logins through InCommon institutions, eRA, and login.gov. RDCRN has full ownership of the identity provider (IdP) and it is fully managed.
Specific Requirements:
- RDCRN users can log out and during log out the control will be transferred to the SLO endpoint of the RDCRN IdP for global logout process.
- The Platform will publish logout endpoint to allow for single logout process.
- The Platform will support SP initiated SSO as well as IdP initiated SSO.
- The Platform will implement RelayState per SAML specification of the IdP initiated SSO to allow user redirection to specific parts of the Platform upon login (e.g. specific project, etc.).
- The Platform will accept a common user login identifier with the RDCRN IdP – identified as RDCRN ID (e.g. name@rdcrn.org).
- The Platform will also maintain user email as a separate attribute from the user login identifier.
- The Platform will allow RDCRN user and group creation, update and removal through an API endpoint.
- The Platform will provide access in production mode to up to 10 users chosen by NCATS and the RDCRN.