Scitoken authentication
Updated version of MR4 to handle scitokens instead of X.509 certificates. Functionality remains similar. One change is that the scitoken data is now set in the gwdatafind-server.ini file instead of at the top of authentication.py. This allows for different values to be used for testing purposes, where locally created SciTokens are used.
This has been tested using CILogon issued SciTokens, though further testing is required.
Gitlab CI unit tests have been added that repeat all the X509 view tests with the use of Scitokens. For this locally issued tokens are used, using the same setup functions as are used here: https://github.com/duncanmmacleod/igwn-auth-utils/blob/main/igwn_auth_utils/tests/conftest.py
The public PEM key is then stored in a scitoken keycache, that can be accessed and used in authentication.py to deserialise the test token. One if "TEST"
statements is used for the validator. A workaround needs to be developed before this can pushed to production.
Closes #3 (closed).
Merge request reports
Activity
requested review from @duncanmmacleod
assigned to @duncan.meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
added 1 commit
- 2a7374b4 - Added full suite of unit tests for SciToken authentication
added 9 commits
-
2a7374b4...74a9267a - 8 commits from branch
master
- 37b00d91 - Merge branch 'master' into 'scitokens'
-
2a7374b4...74a9267a - 8 commits from branch
added 1 commit
- 1a55a29c - Switch to using keycache to store public key for deserializing test tokens
added 1 commit
- f950d542 - removed if statement for token deserialisation
- Resolved by Duncan Meacher
- Resolved by Duncan Meacher
I have a feeling we need to wait for https://github.com/scitokens/scitokens/issues/143 before we can deploy this.
changed milestone to %GWDataFind Server 1.2.0
added 30 commits
-
cc0535bb...96841028 - 29 commits from branch
master
- 6cc93d92 - Merge branch 'master' into 'scitokens' after MR17
-
cc0535bb...96841028 - 29 commits from branch
added 1 commit
- ff5b074c - Adding python3-scitokens package for EL7 test
mentioned in merge request !20 (merged)
added gwdatafind_server.authentication label
@duncan.meacher, can you rebase this, then we may be able to get it over the line.