Feature request: new principals in OIDC plugin (for Audience) and - optionally - in the LDAP plugin for gPlazma #7955
Description
Dear dCache developers.
We would like to make a feature request to you in the context of our OIDC with CodeFlow test setup:
To have slim dCache setup, we would like you to ask to introduce to the gPlazma oidc plugin another extracted principal, e.g. called OidcAudiencePrincipal to be able to use it in the omnisession plugin to setup directories for different organisations/groups, which use different audiences.
As an optional nice-to-have, it would be good to have also the possibility to use variables in the omnisession plugin, e.g. the %homeDirectory%variable from the LDAP (mapping) plugin.
To have an estimate for the feasibility of this request, and to get a rough idea of the implementation roadmap, I've ran my Github Copilot setup in Agent mode over the dCache repository with Anthropic's Claude Opus 4.5 (Preview) model.
Attached, you can find the detailed proposals written by the AI:
proposal_oidc_audience_principal_anonymized.md
proposal_ldap_attribute_principal_anonymized.md
When trusting these, the total amount of work would comprise something like a week of fulltime work (assuming 8h fulltime per day), which sounds reasonable to us. Please note, that the latter LDAP attribute principal is just a nice to have for our project, and not a show-stopper. The crucial part is really the OIDC Audience Principal.
We would be very happy, if you would consider this request in your feature development planning.
Thank you very much in advance,
Artur for the KIT dCache admin team.
@mksahakyan FYI (we have discussed that topic in our T1 Support Call today)