Print

Print

When using a simple configuration for scitokens as the following one, for example:

[Global]
audience = https://wlcg.cern.ch/jwt/v1/any,https://elvin-dev01.cern.ch

[Issuer OSG-Connect]
issuer = https://wlcg.cloud.cnaf.infn.it/
base_path = /
map_subject = False
default_user = dteam001

The default user is not propagated to the XrdSecEntity structure since there is not rule to apply and this then defaults to setting an empty string for the username:
https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/XrdSciTokensAccess.cc#L244

Therefore, a few lines below both scope and mapping are false, so this falls through any configured chained library:
https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/XrdSciTokensAccess.cc#L387

This was behaving differently in the 4.8.* branch, where the given default_user was properly passed to the XrdSecEntity structure using the same configuration as above.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1567", "url": "https://github.com/xrootd/xrootd/issues/1567", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1