Hi Petr,

Thanks for the heads up.  I'll check.

This is xrootd built from master.  But I'm not sure what is installed on the node.

Al

________________________________________________
Albert L. Rossi
Senior Software Developer
Scientific Computing Division, Scientific Data Services, Distributed Data Development
FCC 229A
Mail Station 369 (FCC 2W)
Fermi National Accelerator Laboratory
Batavia, IL 60510
(630) 840-3023

________________________________
From: Petr Vokac
Sent: Friday, March 25, 2022 7:37 PM
To: Albert Rossi; xrootd-dev
Subject: Re: some issues with setting up scitokens

Tokens are processed by scitokens-cpp library - are you using ancient version < 0.6.0?

Petr

On 3/25/22 17:36, Albert Rossi wrote:
Hi all,

I hate to bother you with this, but I need to test dCache/xrootd TPC interaction and I can't seem to get the xrootd server set up correctly to accept the token that is issued to me by cilogon.

I have attached a description of the problem.

Also, I tried to revert to using demo tokens from the demo.scitokens.org generator. xrootd rejects it:


220325 11:11:24 3012 scitokens_Validate: Failed to deserialize SciToken: token verification failed: Unknown profile version in token: scitoken:2.0

The demo token looks like this:

{
  "ver": "scitoken:2.0",
  "aud": "https://wlcg.cern.ch/jwt/v1/any",
  "iss": "https://demo.scitokens.org",
  "sub": "arossi",
  "scope": "storage.create:/data/xrootdfs compute.create compute.read compute.cancel compute.modify storage.read:/data/xrootdfs",
  "exp": 1648226355,
  "iat": 1648225755,
  "nbf": 1648225755,
  "jti": "dc985830-fd90-49ae-a8fb-d08da5ec4c26"
}

I cannot eliminate the "ver" attribute (the generator keeps including it).  What does xrootd need to see as "ver" ?

(This problem is less important than trying to understand why the cilogon token doesn't get me the needed permissions the way I configured the server.)

Thank you for your help, and apologies for the bother.

Al



########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
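
Added example, not part of the original thread and not xrootd or scitokens-cpp code: a small claims inspector for triaging a rejected token such as the demo token quoted above. It decodes the payload without verifying the signature and reports the profile version claim, the validity window and the parsed scopes. The function names and the sample token (the quoted claims wrapped with a placeholder header and signature) are assumptions made for illustration.

```python
import base64
import json
import time

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: the claims quoted in the message, wrapped in a compact
# JWT whose header and signature segments are placeholders.
CLAIMS = {
    "ver": "scitoken:2.0",
    "aud": "https://wlcg.cern.ch/jwt/v1/any",
    "iss": "https://demo.scitokens.org",
    "sub": "arossi",
    "scope": "storage.create:/data/xrootdfs compute.create compute.read "
             "compute.cancel compute.modify storage.read:/data/xrootdfs",
    "exp": 1648226355, "iat": 1648225755, "nbf": 1648225755,
}
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "ES256", "typ": "JWT"}).encode()),
    _b64url(json.dumps(CLAIMS).encode()),
    _b64url(b"placeholder-signature"),
])

def decode_payload(token):
    """Return the claims of a compact JWT without verifying it (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))

def triage(claims, now=None):
    """Summarize the claims a resource server checks before authorizing."""
    now = time.time() if now is None else now
    if now < claims.get("nbf", 0):
        state = "not yet valid"
    elif now >= claims.get("exp", float("inf")):
        state = "expired"
    else:
        state = "valid"
    # "storage.read:/data/xrootdfs" -> ("storage.read", "/data/xrootdfs")
    scopes = [tuple(s.partition(":")[::2]) for s in claims.get("scope", "").split()]
    # SciTokens carry "ver"; WLCG profile tokens carry "wlcg.ver" instead.
    return {"ver": claims.get("ver"), "wlcg.ver": claims.get("wlcg.ver"),
            "iss": claims.get("iss"), "aud": claims.get("aud"), "state": state,
            "lifetime_s": claims.get("exp", 0) - claims.get("iat", 0),
            "scopes": scopes}

if __name__ == "__main__":
    print(json.dumps(triage(decode_payload(SAMPLE_TOKEN)), indent=2))
```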