Hello all,
Though this is a dev. version, yet I am sending this mail to the
user forums in absence of any other alternative.
Problem - CAS assertion working with gridftp server. As far as I know, this
is same as far as 4.0 and 4.1 is concerned. I could make the following work
in 4.0 But 4.1, there is error :
cas-wrap -p casProxy1 globus-url-copy gsiftp://g5.gridlab/home/kakolis/log
file:///var/tmp/cas_test/newlogx
Tag true: 2 Tag Proxy file casProxy1
Proxy casProxy1
Command line globus-url-copy gsiftp://g5.gridlab/home/kakolis/log
file:///var/tmp/cas_test/newlogx
error: globus_ftp_client: the server responded with an error
500 500-Command failed. : authorization failed.
500-globus_gsi_authz: Callout returned an error
500-globus_callout_module: The callout returned an error
500-globus_gsi_authz_gaa_callout.c:579: gaa_get_object_policy_info returned
GAA_S_NO_MATCHING_ENTRIES ()
500 End.
The cas db has read permission on object ftp://g5.gridlab/home/kakolis/log
for user 'kakoli' and there is entry in grid-mapfile mapping the DN to a
local a/c having permission on the file
ftp://g5.gridlab/home/kakolis/log
Also, in the SAML assertion, it is coming as
<AuthorizationDecisionStatement Decision="Permit"
Resource="FTPDirectoryTree|.ftp://g5.gridlab/home/kakolis/log";
If objects are represented as "objectNamespace|objectName", why is there a
'.' before ftp in Resource?
Regards,
Kakoli
________________________________________________________________________
KAKOLI SEN Ph:91-80-25341909/215(Extn. 309)
C-DAC Knowledge Park E-mail:
#1, Old Madras Road [EMAIL PROTECTED]
Bangalore - 560 038, INDIA [EMAIL PROTECTED]
________________________________________________________________________
