@abh3 continuing this debugging.
I think there is a fundamental mis-understanding on the expected new behavior in the SciTokens plugin with pass through authorization. I have been running test on the rc4, with no token given.
The configuration line is specified like:
ofs.authlib libXrdAccSciTokens.so config=/run/stash-origin-auth/scitokens.conf
In this case, the scitokens library returns a failure because there is no token in the request, which is correct. It tries to “pass through” the authorization, but there is no chained authorization so it returns XrdAccPriv_None
https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/src/XrdAccSciTokens.cc#L488
It appears that XRootD then returns failure to the client. The old behavior was to then go to the Authfile, I believe.
The configuration line is specified like:
ofs.authlib ++ libXrdAccSciTokens.so config=/run/stash-origin-auth/scitokens.conf
It tries to “pass through” the authorization, and there is an object passed through the chain, but it immediately segfaults when trying to call “Access” on the chained auth.
https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/src/XrdAccSciTokens.cc#L488
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1