Print

Print

Oh, I had misunderstood your setup! I didn't realize the scitokens piece and multiuser piece were on different servers.

Seems the problem is the fact that the token is evaluated (and potentially mapped) per-request whereas maybe SSS works at the session level? In other words, the mapping is happening too late to affect what SSS is doing.

@cantrip - if you insert the token into the URL (?authz=Bearer%20XXXXXX), does it forward the token to the origin and does the origin act correctly in that case?

This is getting to my limit of knowledge about how SSS works... @abh3, should we be forwarding the session token in the proxy?


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <xrootd/xrootd/issues/1851/1341899964@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1851#issuecomment-1341899964", "url": "https://github.com/xrootd/xrootd/issues/1851#issuecomment-1341899964", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1