Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Adding workflows with screenshots for both demonstrators

...

  1. a simple PHP program showing the basic API and handshake, with a possibility to execute the same demonstrator code. The code additionally shows how to integrate with VOMS or how to specify a specific IdP at the WAYF.
  2. a simple Science Gateway allowing access to a gsiftp-enabled storage service (a test dCache instance, https://prometheus.desy.de/). This shows how X.509-based storage elements can be accessed using a science gateway, where authorization is based on VOMS attributes (group membership etc.).

Demonstrator workflows

Basic demo:

1.select one of the login pages, e.g. run VOMS demo to get a proxy certificate with VOMS attributesImage Added
2.choose your home IdP at the WAYF of the RCauth online CAImage Added
3.login at your home IdPImage Added
4.give consent at the RCauth online CA for attribute releaseImage Added
5a.The demo shows the returned OpenID Connect information and ...Image Added
5b.... obtains a proxy, showing its informationImage Added

GSIFTP demo:

1.Read the information about the demonstrator and choose to log in either with or without VOMS attributesImage Added
2.choose your home IdP at the WAYF of the RCauth online CAImage Added
3.login at your home IdPImage Added
4.give consent at the RCauth online CA for attribute releaseImage Added
5.choose to browse the remote dCache storage element (only works once you have access to the rcdemo VO, drop us a line to request access).Image Added
6go to the VO home directory for rcdemo.Image Added

 

Components

  • RCauth.eu online CA is based on CILogon-software from the US-based CILogon project. A few adaptations had to be made to conform to European privacy regulations. The backend CA is based on a myproxy-server with an eToken as simple HSM plus some extra software to run the CA on a separate network.
  • The Master Portal is also based on the same software, implementing simultaneously an OA4MP client and server plus glue to connect the two. It has a backend myproxy-server for credential caching.

...