When using a simple configuration for scitokens as the following one, for example:
[Global]
audience = https://wlcg.cern.ch/jwt/v1/any,https://elvin-dev01.cern.ch
[Issuer OSG-Connect]
issuer = https://wlcg.cloud.cnaf.infn.it/
base_path = /
map_subject = False
default_user = dteam001
The default user is not propagated to the XrdSecEntity structure since there is not rule to apply and this then defaults to setting an empty string for the username:
https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/XrdSciTokensAccess.cc#L244
Therefore, a few lines below both scope
and mapping
are false, so this falls through any configured chained library:
https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/XrdSciTokensAccess.cc#L387
This was behaving differently in the 4.8.* branch, where the given default_user
was properly passed to the XrdSecEntity structure using the same configuration as above.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1