```
stash-origin-auth]# xrootd -version
v5.5.5
```

This is the case with 2 issuers:

```
[root@node-1-5 stash-origin-auth]# cat scitokens.conf
[Global]
audience = IceCube, NRP

[Issuer https://chtc.cs.wisc.edu/icecube]
issuer = https://chtc.cs.wisc.edu/icecube
base_path = /icecube
map_subject = False

[Issuer https://token.nationalresearchplatform.org/modis]
issuer = https://token.nationalresearchplatform.org/modis
base_path = /nrp/protected/sio/MODIS_Aqua_microphysics_images/
map_subject = False

[Issuer https://token.nationalresearchplatform.org/ucsdphysics]
issuer = https://token.nationalresearchplatform.org/ucsdphysics
base_path = /ucsd/physics
map_subject = False
```

```
Plugin loaded XRootDTCP v5.4.0 from xrd.tcpmonlib /usr/lib64/libXrdTCPStats-5.so
------ xrootd [log in to unmask]:1095 initialization completed.
230822 18:24:11 291323 XrootdBridge: unknown.1:[log in to unmask] login as nobody
230822 18:24:11 291323 scitokens_GenerateAcls: Failed to deserialize SciToken: token verification failed: Token issuer is not in list of allowed issuers.
230822 18:24:11 291323 scitokens_Access: Failed to generate ACLs for token
230822 18:24:11 291323 acc_Audit: unknown.1:[log in to unmask] deny https *@[::ffff:68.8.122.198] create /nrp/protected/sio/MODIS_Aqua_microphysics_images/aaa
230822 18:24:11 291323 scitokens_GenerateAcls: Failed to deserialize SciToken: token verification failed: Token issuer is not in list of allowed issuers.
230822 18:24:11 291323 scitokens_Access: Failed to generate ACLs for token
230822 18:24:11 291323 acc_Audit: unknown.1:[log in to unmask] deny https *@[::ffff:68.8.122.198] excl_create /nrp/protected/sio/MODIS_Aqua_microphysics_images/aaa
230822 18:24:11 291323 ofs_open: unknown.1:[log in to unmask] Unable to create /nrp/protected/sio/MODIS_Aqua_microphysics_images/aaa; permission denied
230822 18:24:11 291323 unknown.1:[log in to unmask] Xrootd_Response: sending err 3010: Unable to create /nrp/protected/sio/MODIS_Aqua_microphysics_images/aaa; permission denied
230822 18:24:11 291323 XrootdXeq: unknown.1:[log in to unmask] disc 0:00:00 (send failure)
230822 18:24:15 291322 XrootdBridge: unknown.2:[log in to unmask] login as nobody
230822 18:24:15 291322 scitokens_GenerateAcls: Failed to deserialize SciToken: token verification failed: Token issuer is not in list of allowed issuers.
230822 18:24:15 291322 scitokens_Access: Failed to generate ACLs for token
230822 18:24:15 291322 acc_Audit: unknown.2:[log in to unmask] deny https *@[::ffff:68.8.122.198] create /nrp/protected/sio/MODIS_Aqua_microphysics_images/aaa
230822 18:24:15 291322 scitokens_GenerateAcls: Failed to deserialize SciToken: token verification failed: Token issuer is not in list of allowed issuers.
230822 18:24:15 291322 scitokens_Access: Failed to generate ACLs for token
230822 18:24:15 291322 acc_Audit: unknown.2:[log in to unmask] deny https *@[::ffff:68.8.122.198] excl_create /nrp/protected/sio/MODIS_Aqua_microphysics_images/aaa
```

This case is with this config, two different domains:

```
[Global]
audience = IceCube, NRP

[Issuer https://chtc.cs.wisc.edu/icecube]
issuer = https://chtc.cs.wisc.edu/icecube
base_path = /icecube
map_subject = False

[Issuer https://token.nationalresearchplatform.org/modis]
issuer = https://token.nationalresearchplatform.org/modis
base_path = /nrp/protected/sio/MODIS_Aqua_microphysics_images/
map_subject = False

[Issuer https://token.nationalresearchplatform.ort/ucsdphysics]
issuer = https://token.nationalresearchplatform.ort/ucsdphysics
base_path = /ucsd/physics
map_subject = False
```

```
230822 18:30:15 292637 scitokens_Access: Trying token-based access control
230822 18:30:15 292637 scitokens_Access: Cached token mapped_username=, subject=NRP, issuer=https://token.nationalresearchplatform.org/modis, authorizations=/nrp/protected/sio/MODIS_Aqua_microphysics_images:read,dir,stat,create,mkdir,mv,insert,update,chmod,del
230822 18:30:15 292637 scitokens_Access: Grant authorization based on scopes for operation=create, path=/nrp/protected/sio/MODIS_Aqua_microphysics_images/aaa
230822 18:30:15 292637 unknown.2:[log in to unmask] ofs_fstat: fn=/nrp/protected/sio/MODIS_Aqua_microphysics_images/aaa
```


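As an added example, not part of the original message or the XRootD project: a small Python triage script that pairs each `acc_Audit` deny with the SciTokens failure logged just before it on the same thread, using the log format quoted above. The sample lines, client names, addresses and paths are constructed, and treating the third log field as the thread id is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted above (clients and paths are placeholders).
SAMPLE_LOG = """\
230822 18:24:11 291323 scitokens_GenerateAcls: Failed to deserialize SciToken: token verification failed: Token issuer is not in list of allowed issuers.
230822 18:24:11 291323 scitokens_Access: Failed to generate ACLs for token
230822 18:24:11 291323 acc_Audit: unknown.1:25@client.example deny https *@[::ffff:192.0.2.10] create /nrp/protected/example/aaa
230822 18:24:11 291323 scitokens_GenerateAcls: Failed to deserialize SciToken: token verification failed: Token issuer is not in list of allowed issuers.
230822 18:24:11 291323 acc_Audit: unknown.1:25@client.example deny https *@[::ffff:192.0.2.10] excl_create /nrp/protected/example/aaa
230822 18:24:20 291400 acc_Audit: unknown.3:26@client.example deny https *@[::ffff:192.0.2.11] stat /icecube/x
230822 18:30:15 292637 scitokens_Access: Grant authorization based on scopes for operation=create, path=/nrp/protected/example/aaa
"""

# date, time, third field (assumed to be the thread id), message
LINE = re.compile(r"^(\d{6}) (\d\d:\d\d:\d\d) (\d+) (.*)$")
FAIL = re.compile(r"scitokens_GenerateAcls: Failed to deserialize SciToken: (.+)$")
DENY = re.compile(r"acc_Audit: .*? deny (\S+) \S+@\[([^\]]+)\] (\S+) (\S+)$")

def correlate(log_text):
    """Pair each audit deny with the token failure that preceded it on the same thread."""
    pending = {}   # thread id -> most recent token failure reason
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # startup banners and other unstamped lines
        date, time, tid, msg = m.groups()
        if (f := FAIL.search(msg)):
            pending[tid] = f.group(1).rstrip(".")
        elif (d := DENY.search(msg)):
            proto, client, op, path = d.groups()
            # reason stays None when the deny was not preceded by a token failure
            events.append({"when": f"{date} {time}", "proto": proto, "client": client,
                           "op": op, "path": path, "reason": pending.pop(tid, None)})
    return events

def summarize(events):
    """Count denies per (reason, path) so repeated failures stand out."""
    return Counter((e["reason"], e["path"]) for e in events)

if __name__ == "__main__":
    for (reason, path), n in summarize(correlate(SAMPLE_LOG)).items():
        print(f"{n:3d}  {path}  <- {reason or 'no token failure logged'}")
```

A deny whose reason is empty was rejected for something other than token deserialization, which separates issuer-list problems like the one reported here from ordinary authorization denials.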