SciTokens and X.509 cert authentication

Duncan Meacher requested to merge (removed):master into master

Added authentication for both SciTokens and X.509 certificates for all current views. This MR shouldn't be merged into the master branch; I'm just using it so that the current code can be reviewed. A few changes will still need to be made once this project has progressed further. These include:

  • Adding a list of public keys, either from cluster issuers, or from a SciTokens server.
  • Determining the allowed scopes that can be used.
  • Setting the token subject and working out how this can be checked. Possibly from the grid-mapfile.

I have been testing this on the datafind-test VM, both with SciTokens that I've generated myself, and with proxy certificates. For the grid proxy certs, I've tested the cluster-issued proxies, impersonation proxies that are generated on my laptop and then used to 'gsissh' into a cluster, and then UWM-issued proxies. The first two are able to access the server, while the UWM proxy fails to authenticate.

Closes #3 (closed).

Edited by Duncan Macleod
