Hi,
I have issued the following voms-proxy-init:
voms-proxy-init --voms test_vo_mysql:/test_vo_mysql/Role=VO-Admin
*Is there any way to specify attribute "ID" in the "voms-proxy-init"
command?*
I think if I specify "ID" in the "voms-proxy-init" command, then only PIP
will read it.
And the output of openssl x509 -text -certopt ext_parse < /tmp/x509up_u500 is:
.
.
.
380:d=8 hl=2 l= 48 cons: cont [ 0 ]
382:d=9 hl=2 l= 46 prim: cont [ 6 ]
430:d=8 hl=2 l= 46 cons: SEQUENCE
432:d=9 hl=2 l= 14 prim: OCTET STRING :/test_vo_mysql
448:d=9 hl=2 l= 28 prim: OCTET STRING
:/test_vo_mysql/Role=VO-Admin
478:d=4 hl=4 l= 798 cons: SEQUENCE
482:d=5 hl=2 l= 98 cons: SEQUENCE
484:d=6 hl=2 l= 10 prim: OBJECT
:1.3.6.1.4.1.8005.100.100.11
496:d=6 hl=2 l= 84 prim: OCTET STRING
0000 - 30 52 30 50 30 4e 30 30-86 2e 74 65 73 74 5f 76
0R0P0N00..test_v
0010 - 6f 5f 6d 79 73 71 6c 3a-2f 2f 41 72 70 69 74 6a
o_mysql://Arpitj
0020 - 61 69 6e 2e 63 64 61 63-62 2e 65 72 6e 65 74 2e
ain.cdacb.ernet.
0030 - 69 6e 3a 31 35 30 30 30-30 1a 30 18 04 02 49 44
in:150000.0...ID
0040 - 04 03 31 30 30 04 0d 74-65 73 74 5f 76 6f 5f 6d
..100..test_vo_m
0050 - 79 73 71 6c ysql
I have put the following lines in the Policy file:
/test_vo_mysql/Role=VO-Admin
/test_vo_mysql/ID=105
Below is the Server Log:
found truststore configuration: null
2008-08-14 12:16:16,092 DEBUG impl.VomsCredentialPIP
[ServiceThread-43,initialize:108] VOMS PIP initialize complete
****************************HashMap
[EMAIL PROTECTED]
}
2008-08-14 12:16:16,105 DEBUG impl.VomsPDP [ServiceThread-43,initialize:545]
Using static files
2008-08-14 12:16:16,107 DEBUG impl.VomsPDP [ServiceThread-43,initialize:557]
no use-gridmap configuration
2008-08-14 12:16:16,112 DEBUG impl.ACLPDP [ServiceThread-43,load:147] added
attribute to policy: /test_vo_mysql/Role=VO-Admin
2008-08-14 12:16:16,113 DEBUG impl.ACLPDP [ServiceThread-43,load:147] added
attribute to policy: /test_vo_mysql/ID=105
2008-08-14 12:16:16,114 DEBUG impl.VomsPDP [ServiceThread-43,initialize:602]
no attribute authorization policy configuration
2008-08-14 12:16:16,115 DEBUG impl.VomsPDP [ServiceThread-43,initialize:627]
using OR logic for DNs and attributes
2008-08-14 12:16:18,475 DEBUG impl.VomsCredentialPIP
[ServiceThread-41,collectAttributes:122] cred set size: 1
2008-08-14 12:16:18,479 DEBUG impl.VomsCredentialPIP
[ServiceThread-41,collectAttributes:137] set truststore to
[EMAIL PROTECTED]
2008-08-14 12:16:18,525 DEBUG impl.VomsCredentialPIP
[ServiceThread-41,collectAttributes:145] Parse Validator: isParsed : true
isValidated : false
VOMS attrs:[VO :test_vo_mysql
HostPort:Arpitjain.cdacb.ernet.in:15000
FQANs :[/test_vo_mysql/Role=VO-Admin]]
2008-08-14 12:16:18,526 DEBUG impl.VomsCredentialPIP
[ServiceThread-41,collectAttributes:148] getVOMSAttributes() vector size 1
2008-08-14 12:16:18,526 DEBUG impl.VomsCredentialPIP
[ServiceThread-41,collectAttributes:165]
Roles /test_vo_mysql/Role=VO-Admin
2008-08-14 12:16:18,527 DEBUG impl.VomsCredentialPIP
[ServiceThread-41,collectAttributes:167] VO test_vo_mysql
2008-08-14 12:16:18,528 DEBUG impl.VomsCredentialPIP
[ServiceThread-41,collectAttributes:168] hostport
Arpitjain.cdacb.ernet.in:15000
2008-08-14 12:16:18,531 DEBUG impl.VomsPDP
[ServiceThread-41,isPermittedImpl:111] Operation {
http://webservices.vlescience.org/deployment}deploy called by subject:
/O=Grid/OU=GlobusTest/OU=
simpleCA-sukeshini.cdacb.ernet.in/OU=cdacb.ernet.in/CN=Arpit Jain
2008-08-14 12:16:18,532 DEBUG impl.VomsPDP
[ServiceThread-41,isPermittedImpl:119] DN not in gridmap file configured (or
no gridmap): /O=Grid/OU=GlobusTest/OU=
simpleCA-sukeshini.cdacb.ernet.in/OU=cdacb.ernet.in/CN=Arpit Jain
2008-08-14 12:16:18,532 DEBUG impl.VomsPDP
[ServiceThread-41,isPermittedImpl:169] Vector size 1
2008-08-14 12:16:18,533 DEBUG impl.VomsPDP
[ServiceThread-41,isPermittedImpl:171]
***************************Roles /test_vo_mysql/Role=VO-Admin
2008-08-14 12:16:18,533 DEBUG impl.VomsPDP
[ServiceThread-41,isPermittedImpl:183]
Roles /test_vo_mysql/Role=VO-Admin
2008-08-14 12:16:18,534 DEBUG impl.VomsPDP
[ServiceThread-41,isPermittedImpl:217] checking attribute
/test_vo_mysql/Role=VO-Admin
2008-08-14 12:16:18,535 INFO impl.VomsPDP
[ServiceThread-41,isPermittedImpl:225] Attribute passed:
/test_vo_mysql/Role=VO-Admin
2008-08-14 12:16:18,535 DEBUG impl.VomsPDP
[ServiceThread-41,isPermittedImpl:242] VO test_vo_mysql
2008-08-14 12:16:18,537 DEBUG impl.VomsPDP
[ServiceThread-41,isPermittedImpl:256] calling checkCallAndContent on PDP
impl
2008-08-14 12:16:18,538 INFO impl.VomsPDP
[ServiceThread-41,checkCallAndContent:313] PeerIdentity =
/O=Grid/OU=GlobusTest/OU=
simpleCA-sukeshini.cdacb.ernet.in/OU=cdacb.ernet.in/CN=Arpit Jain
2008-08-14 12:16:18,538 INFO impl.VomsPDP
[ServiceThread-41,checkCallAndContent:314] operation = {
http://webservices.vlescience.org/deployment}deploy
2008-08-14 12:16:18,540 INFO impl.VomsPDP
[ServiceThread-41,checkCallAndContent:317] attribute:
/test_vo_mysql/Role=VO-Admin
2008-08-14 12:16:18,546 DEBUG impl.VomsPDP [ServiceThread-41,combine:390] dn
OR attr are in positive policy, 'other' returns not applicable
2008-08-14 12:16:18,547 INFO impl.VomsPDP
[ServiceThread-41,isPermittedImpl:283] ACCEPTED: Operation {
http://webservices.vlescience.org/deployment}deploy called by subject:
/O=Grid/OU=GlobusTest/OU=
simpleCA-sukeshini.cdacb.ernet.in/OU=cdacb.ernet.in/CN=Arpit Jain
2008-08-14 12:16:18,550 INFO impl.DeploymentService
[ServiceThread-41,logCredentials:47] credential:
[Ljava.security.cert.X509Certificate;
2008-08-14 12:16:18,552 INFO impl.DeploymentService
[ServiceThread-41,logCredentials:47] credential:
org.globus.voms.impl.VomsCredentialInformation
2008-08-14 12:16:18,552 INFO impl.DeploymentService
[ServiceThread-41,logCredentials:66] VO test_vo_mysql
2008-08-14 12:16:18,553 INFO impl.DeploymentService
[ServiceThread-41,logCredentials:69]
Roles /test_vo_mysql/Role=VO-Admin
I guess it is reading the PolicyFile correctly but not using the attribute
"ID" defined in it to authorize. I think the PIP is taking only the
"/test_vo_mysql/Role=VO-Admin" FQAN from the proxy? It is not taking the
attribute "ID".
Any idea how to do that?
Thanks
Arpit
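
Added example, not part of the original message: a small DER walker that decodes the 84-byte value of extension 1.3.6.1.4.1.8005.100.100.11 from the hex dump above and compares what the proxy carries with the two policy lines. The function names, the reading of the three OCTET STRINGs as (name, value, qualifier), and the `/<qualifier>/<name>=<value>` rendering used for the comparison are assumptions made for illustration.

```python
# Bytes copied from the hex dump in the message (offsets 0000-0050, 84 bytes).
EXT_DER = bytes.fromhex(
    "30 52 30 50 30 4e 30 30 86 2e 74 65 73 74 5f 76"
    "6f 5f 6d 79 73 71 6c 3a 2f 2f 41 72 70 69 74 6a"
    "61 69 6e 2e 63 64 61 63 62 2e 65 72 6e 65 74 2e"
    "69 6e 3a 31 35 30 30 30 30 1a 30 18 04 02 49 44"
    "04 03 31 30 30 04 0d 74 65 73 74 5f 76 6f 5f 6d"
    "79 73 71 6c"
)
FQANS = ["/test_vo_mysql/Role=VO-Admin"]            # FQAN list from the server log
POLICY = ["/test_vo_mysql/Role=VO-Admin", "/test_vo_mysql/ID=105"]  # policy file lines

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into its (tag, value) children."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_extension(der):
    """Return (issuer_uri, [(name, value, qualifier), ...]) found in the extension."""
    uri, attrs, stack = None, [], children(der)
    while stack:
        tag, val = stack.pop()
        if tag == 0x86:                   # context [6], primitive: URI string
            uri = val.decode()
        elif tag == 0x30:                 # SEQUENCE
            kids = children(val)
            if len(kids) == 3 and all(t == 0x04 for t, _ in kids):
                attrs.append(tuple(v.decode() for _, v in kids))  # three OCTET STRINGs
            else:
                stack.extend(kids)
    return uri, attrs

def policy_hits(policy, fqans, attrs):
    """Policy lines matched by the FQANs plus attributes rendered in FQAN style (assumed)."""
    presented = set(fqans) | {f"/{q}/{n}={v}" for n, v, q in attrs}
    return [line for line in policy if line in presented]

if __name__ == "__main__":
    uri, attrs = decode_extension(EXT_DER)
    print(uri, attrs, policy_hits(POLICY, FQANS, attrs))
```

The decoded extension holds ID with value 100, while the policy line names ID=105, and the server log lists only the Role FQAN among the collected attributes.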