 |
 |
Hi Brian, Let me give you a bit of background on this - indeed this is also related to the other ticket. I started looking at the results of the "WLCG JWT compliance tests", like for example this one: https://ci.cloud.cnaf.infn.it/job/wlcg-jwt-compliance-tests/job/master/lastSuccessfulBuild/artifact/reports/reports/latest/joint-log.html#s1-s5 My aim was to make EOS pass as many tests as possible. One example that is expected to pass is "Read access granted for WLCG members" which uses a token like this: `oidc-token -s openid wlcg 2>&1`. It looks to me that such a token scope will never be satisfied for a storage element. So my assumption was that if at least the mapping works then the chained authz plugin will use the username to actually check if the user has the rights for the requested operation and reply accordingly. Otherwise, such a request will just fail as it currently happens. Thanks, Elvin -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1567#issuecomment-990316255 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1