Using:
http.selfhttps2http yes
and authenticating with VOMS extensions, e.g.:
VOMS data - user: '/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=ddmadmin/CN=531497/CN=Robot: ATLAS Data Management'
VOMS data - vorg: 'atlas'
VOMS data - fqan[0]:/atlas/Role=production/Capability=NULL
VOMS data - fqan[1]:/atlas/Role=NULL/Capability=NULL
VOMS data - fqan[2]:/atlas/lcg1/Role=NULL/Capability=NULL
VOMS data - fqan[3]:/atlas/usatlas/Role=NULL/Capability=NULL
The redirection URL may be something like:
somepath?xrdhttptk=sometoken&xrdhttptime=1529048080&xrdhttpname=thelongdn&xrdhttpvorg=atlas&xrdhttphost=somehost&xrdhttpdn=thelongdn
i.e. it will only contain name, DN and vorg, but none of the roles. Hence, authentication based on roles does not work, and one has to use https also for data traffic.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
{"@context":"http://schema.org","@type":"EmailMessage","potentialAction":{"@type":"ViewAction","target":"https://github.com/xrootd/xrootd/issues/745","url":"https://github.com/xrootd/xrootd/issues/745","name":"View Issue"},"description":"View this Issue on GitHub","publisher":{"@type":"Organization","name":"GitHub","url":"https://github.com"}}
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"selfhttps2http does not allow auth based on roles (#745)"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/745"}}}
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",
"title": "selfhttps2http does not allow auth based on roles (#745)",
"sections": [
{
"text": "",
"activityTitle": "**Oliver Freyermuth**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@olifre",
"facts": [
{
"name": "Repository: ",
"value": "xrootd/xrootd"
},
{
"name": "Issue #: ",
"value": 745
}
]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 745,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close issue",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 745\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/issues/745"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 346859151\n}"
}
],
"themeColor": "26292E"
}
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1