Most of the LRZ Globus Endpoints use CILogon to authenticate users against the LRZ Shibboleth Single Sign On IdP. While Single Sign on is great and convenient most of the time, it usually becomes a hassle, when you want to authenticate to a single IdP with multiple user accounts. With Globus this comes particular visible, when you for example want to transfer data between the various Globus Endpoints at LRZ using different LRZ user accounts.
In the following, we outline a procedure that enables you, to activate the LRZ Globus Endpoints with different user accounts, which gives you the possibility to transfer data between different Globus Endpoints a LRZ using different LRZ user accounts.
- Either close and reopen your browser or start a new "Private Mode Tab/Window". Note that the following procedure must be performed in the very same browser tab.
- Go to https://app.globus.org and log in to Globus, using one of your LRZ accounts. But when you are redirected to the LRZ Shibboleth IdP (this is where you are asked for username and password), make sure to mark the option "Anmeldung nicht speichern" / "Don't Remember Login"
- After you have been logged in to Globus, go to the Endpoints section of the app.
- Search and select the Endpoint, you want to access with the LRZ user account, you just have logged in.
- Click on Activate or Extend Activation and complete the Activation/Extension flow
- In the same browser tab Logout from CILogon by following this link.
- Again, go to the Endpoints section of the app.
- Search and select the Endpoint, you want to access with the other LRZ user account.
- If the Endpoint has been already enabled, klick on Deactivate Credentials
- Activate the Endpoint by clicking on the Activate Button
- Complete the activation flow but when asked for username and password, use your other LRZ user account.
- You now can open the Globus Online File manager and transfer data between the two LRZ endpoints, using the different LRZ user accounts
Please note that you cannot have multiple Globus Transfers in parallel that use the same endpoint but different user accounts. If you want to switch user accounts for an endpoint, you'll have to wait until all transfers from this endpoint have finished. Otherwise they may fail.