If you use delegation with secure conversation and want to access the delegated credential in your service, use API described in:
http://www.globus.org/toolkit/docs/4.0/security/message/developer-index.html #s-message-developer-scenarios-delegation Once you get the peer credential, if you want to use it for further invocation, use property (5) described in this table to set the clients credential as the calling credential: http://www.globus.org/toolkit/docs/4.0/security/message/WS_AA_Message_Level_ Public_Interfaces.html#id2537310 The link on that table gives you utility that can be used to convert between different representations, if need be. Rachana _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wilson Jr. Sent: Tuesday, December 04, 2007 1:39 PM To: Charles Bacon Cc: Globus User List Subject: Re: [gt-user] GSI Hi Charles. On Dec 4, 2007 2:02 PM, Charles Bacon <[EMAIL PROTECTED]> wrote: On Dec 4, 2007, at 10:42 AM, Wilson Jr. wrote: > Ok Charles, just to be sure, these are the sequence I have to do? > gpt-build .... > gpt-postinstall > But like I have two SimpleCa, and already have installed a > simpleCa, I do a setup-gsi without the -default? > setup-gsi Right. You don't need the -default, you just want the certs installed. > Ok, can I use only SecureConversation with delegation? > Puts in my service security descriptor, Secure Conversation, with > both Privacy and Integrity , and delegation. > For me I'ts better 'cause DeliverToFtp, needs secureConversation > with delegation. I'm not sure I understand the question. Ok, let me explain. I'm needing urgently present my project, and then for now I'm not putting my service to use Delegation Service, but in future must use. Then I'm just wanting to use Delegation with SecureConversation. This is my environment. My user -> contacts MyService. MyService-> contacts OGSA-DAI Service. The question is: I'm using deliveryToGFTP activity in Ogsa-dai, then to use this activity my ogsa-dai client(MyService) must implement SecureConversation with at least limited delegation. Then I do this in the method from MyService that contacts Ogsa-Dai: mDRER.addServerCommsProperty(Constants.GSI_SEC_CONV , Constants.ENCRYPTION); mDRER.addServerCommsProperty(Constants.GSI_SEC_CONV, Constants.SIGNATURE); mDRER.addServerCommsProperty(GSIConstants.GSI_MODE, GSIConstants.GSI_MODE_FULL_DELEG); But this it's not working, it gives this error: org.globus.ftp.exception.ServerException, Server refused performing the request. Custom message: Bad password. (error code 1) [Nested exception message: Custom message: Unexpected reply: 530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not map /O=Grid/OU=GlobusTest/OU=simpleCA-pc-boys/CN=host/pc-boys Like my service that's the client to ogsa-dai, this gets the containercert. What I did, I put security_descriptor.xml to MyService with SecureConversation, with privacy, integrity and delegation. and in the Client For MyService I do: ((javax.xml.rpc.Stub)port)._setProperty(Constants.GSI_SEC_CONV,Constants.ENC RYPTION); ((javax.xml.rpc.Stub)port)._setProperty(Constants.GSI_SEC_CONV,Constants.SIG NATURE); ((javax.xml.rpc.Stub)port)._setProperty( GSIConstants.GSI_MODE, GSIConstants.GSI_MODE_FULL_DELEG); I'd like to know, how I do in MyService to get the credential delegated by the MyService Client, and use it to interact to OGSA-DAI. In fact, I'd like to know too why give this error using the Container host? It shouldn't run? > How do I use on the calling to Ogsa-dai to reuse the credentials > delegated by the user in Java? That's why I sent the link to the developer's guide for the Delegation Service. It should show you the code/interface you need to use the Delegation service. Charles Thanks again. -- "É este um mundo no qual devemos esconder nossas virtudes?" Willian Shakespeare **************** Wilson Júnior ****************
