LISTSERV 16.5 - XROOTD-DEV Archives

Using:

http.selfhttps2http yes

and authenticating with VOMS extensions, e.g.:

VOMS data - user: '/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=ddmadmin/CN=531497/CN=Robot: ATLAS Data Management'
VOMS data - vorg: 'atlas'
VOMS data - fqan[0]:/atlas/Role=production/Capability=NULL
VOMS data - fqan[1]:/atlas/Role=NULL/Capability=NULL
VOMS data - fqan[2]:/atlas/lcg1/Role=NULL/Capability=NULL
VOMS data - fqan[3]:/atlas/usatlas/Role=NULL/Capability=NULL

The redirection URL may be something like:

somepath?xrdhttptk=sometoken&xrdhttptime=1529048080&xrdhttpname=thelongdn&xrdhttpvorg=atlas&xrdhttphost=somehost&xrdhttpdn=thelongdn

i.e. it will only contain name, DN and vorg, but none of the roles. Hence, authentication based on roles does not work, and one has to use https also for data traffic.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"@context":"http://schema.org","@type":"EmailMessage","potentialAction":{"@type":"ViewAction","target":"https://github.com/xrootd/xrootd/issues/745","url":"https://github.com/xrootd/xrootd/issues/745","name":"View Issue"},"description":"View this Issue on GitHub","publisher":{"@type":"Organization","name":"GitHub","url":"https://github.com"}} {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"selfhttps2http does not allow auth based on roles (#745)"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/745"}}} { "@type": "MessageCard", "@context": "http://schema.org/extensions", "hideOriginalBody": "false", "originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB", "title": "selfhttps2http does not allow auth based on roles (#745)", "sections": [ { "text": "", "activityTitle": "**Oliver Freyermuth**", "activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png", "activitySubtitle": "@olifre", "facts": [ { "name": "Repository: ", "value": "xrootd/xrootd" }, { "name": "Issue #: ", "value": 745 } ] } ], "potentialAction": [ { "name": "Add a comment", "@type": "ActionCard", "inputs": [ { "isMultiLine": true, "@type": "TextInput", "id": "IssueComment", "isRequired": false } ], "actions": [ { "name": "Comment", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 745,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}" } ] }, { "name": "Close issue", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 745\n}" }, { "targets": [ { "os": "default", "uri": "https://github.com/xrootd/xrootd/issues/745" } ], "@type": "OpenUri", "name": "View on GitHub" }, { "name": "Unsubscribe", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 346859151\n}" } ], "themeColor": "26292E" }

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1