Using: ``` http.selfhttps2http yes ``` and authenticating with VOMS extensions, e.g.: ``` VOMS data - user: '/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=ddmadmin/CN=531497/CN=Robot: ATLAS Data Management' VOMS data - vorg: 'atlas' VOMS data - fqan[0]:/atlas/Role=production/Capability=NULL VOMS data - fqan[1]:/atlas/Role=NULL/Capability=NULL VOMS data - fqan[2]:/atlas/lcg1/Role=NULL/Capability=NULL VOMS data - fqan[3]:/atlas/usatlas/Role=NULL/Capability=NULL ``` The redirection URL may be something like: ``` somepath?xrdhttptk=sometoken&xrdhttptime=1529048080&xrdhttpname=thelongdn&xrdhttpvorg=atlas&xrdhttphost=somehost&xrdhttpdn=thelongdn ``` i.e. it will only contain name, DN and vorg, but none of the roles. Hence, authentication based on roles does not work, and one has to use https also for data traffic. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/745 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1