RE: [gt-user] How setup GSI Transport in the Client

Wed, 23 Apr 2008 05:32:48 -0700 

If you are using GT 4.1.x or code from trunk, use GSISecureTransport as the
element name:

 

http://www.globus.org/toolkit/docs/development/4.2-drafts/security/wsaajava/
wsaajava-secdesc.html#wsaajava-secdesc-clientSide

 

In GT 4.0.x, you need to set it on the stub if encryption is required. If
GSI Transport with signature is needed, it will be used based on the URL
starting with “https”.

 

http://www.globus.org/toolkit/docs/4.0/security/message/WS_AA_Message_Level_
Public_Interfaces.html#s-message-public-domain

 

 

BTW, run-as caller identity requires that the caller delegate credentials to
the service as part of the authentication step. So it will work only with
GSI Secure Conversation with delegation.

 

Rachana

 

  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Wilson Jr.
Sent: Tuesday, April 22, 2008 9:34 PM
To: Globus User List
Subject: [gt-user] How setup GSI Transport in the Client

 

Hi folks,

I was running the Globus Container with: -nosec, and then using
GSISecureConversation
at my GridService, and it works fine. I'd like to change to GSITransport,
then I took out the
-nosec, and I'm running Globus in 8443. The security-descriptor from my
service is this:
<securityConfig xmlns="http://www.globus.org";>

        <auth-method>
                <GSITransport>
                        <protection-level>
                                <privacy/>
                        </protection-level>
                </GSITransport>
        </auth-method>

   <authz value="none"/>   

        <run-as>
                <caller-identity/>
        </run-as>

</securityConfig>

My client has a client-security-descriptor.xml to choose the level of
security, before using
GsiSecureConversation, it was ok, but putting:
<GSITransport>
   <privacy/>
</GSITransport>

it doesn't work, says the attribute GSITrasnport cannot be used in the
descriptor, then I took out 
and let my client-security-descriptor.xml practically empty:
<?xml version="1.0" encoding="UTF-8"?>
<securityConfig xmlns="http://www.globus.org";>

</securityConfig>

and it throws this exception:
ERROR: GSI Transport (encryption only) authentication required for
"{http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC}sendFinger
<http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC%7dsendFinger
> " operation.
AxisFault



My question is, How do I set GSI Transport in the client?

-- 
"É este um mundo no qual devemos esconder nossas virtudes?"
Willian Shakespeare


****************
Wilson Júnior
****************

Reply via email to