OOD with Shibboleth email addresses

We have OOD with Shibboleth auth working (following https://osc.github.io/ood-documentation/master/authentication/shibboleth.html). Fields obtained by Shibboleth from IdP include email address, but when attempting to send email to a user, the email address from Shibboleth isn’t used. Instead, email is sent to uname@email-host-domain which is invalid. (uname is set correctly by user_map_cmd in ood_portal.yml.) Is there a way to configure OOD to use users’ email addresses from Shibboleth? (If not, even having something like email_map_cmd similar to user_map_cmd would allow most, but not all, email addresses to be set correctly.)

What is the system that’s emailing? We sometimes enable jobs to email when the job starts or finishes. Is that the particular feature/email you’re referring to?

If so, that’s an issue with the scheduler in question. It looks like in the script object we can set the email user(s) (it’s an array in case you wanted to send emails to multiple users).

So it seems you could add the email field to every submit, which could be kinda painful depending on how many you have to do (and users will have to manually specify it to get it correct when they write/make job scripts or use the cli).

In the case of Slurm (as an example) this translates into every job being submitted with the --mail-user=foo@bar,other@site flag. In another scheduler it’s another flag, and so on.

# the submit/submit.yml.erb for your bc_desktop app.
    - "<%= bc_num_slots.blank? ? 1 : bc_num_slots.to_i %>"
    - "<%= ENV['USER'] %>@the-real-domain-I-want.org"

Or maybe there’s a config on the scheduler side that we can set? Something like EMAIL_DOMAIN. That way we can set it globally (and actually fix the issue for cli users if they happen to run into this).

In either case, it’s the scheduler that’s sending these emails, not open ondemand. So we can force a specific email address to be submitted with the job and brute force configure all the jobs, or fix how the scheduler’s finding the domain.

If this is not enough information and/or you still need more, let us know what type of scheduler you use. Hope that helps!

The feature is the “I would like to receive an email when the session starts” option for apps (Jupyter Notebook and RStudio Server). Adding the email item shown above to the submit.yml.erb for the app worked. This gives us working email for most users, but not for the few whose addresses don’t follow the typical pattern. To get working email for all users, I would still like to make the feature request for apps to be configurable to use email addresses obtained through Shibboleth.

OK I figured out how our clusters work, it turns out it’s a configuration in our LDAP and mail relays. So if I do a simple echo test email | mail -s "test" johrstrom in the command line then the mail relay will query LDAP to find me and extract the email attribute and send to that. That’s just informational in case you want a similar setup in your environment.

Alternatively we could try to find it programmatically in the environment. Can we find the email through an unauthenticated LDAP search?

We’re currently able to pass environment variables to the PUN, but I’m not sure how to do dynamic ones or per user ones like email. The feature that you’re requesting is probably something we’d want longterm to be able to more dynamically react to the users information from the authentication method.

I’ll look into those options, thanks!