VOMS implements a REST API that can be used to get a VOMS attribute certificate.
https://<voms.host>:<voms.port>/generate-ac
Andrea Ceccanti andreaceccanti
andreaceccanti
/ voms-rest-api.md
Last active
September 10, 2020 13:55
andreaceccanti
/ token-based-authn-wlcg-doma-proposal.md
Last active
October 2, 2019 07:03
Tokeb based authn/z for WLCG RUCIO/FTS/SEs
andreaceccanti
/ application.yml
Created
January 15, 2019 15:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| oidc: | |
| providers: | |
| - name: google | |
| issuer: https://accounts.google.com | |
| client: | |
| clientId: ${IAM_GOOGLE_CLIENT_ID} | |
| clientSecret: ${IAM_GOOGLE_CLIENT_SECRET} | |
| redirectUris: ${iam.baseUrl}/openid_connect_login | |
| scope: openid,profile,email,address,phone | |
| loginButton: |
andreaceccanti
/ dc-get-access-token.sh
Last active
February 20, 2020 14:42
A get-access-token script that uses the OAuth device code flow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| exit_msg() { | |
| echo "Giving up as requested by user..." | |
| exit 1 | |
| } | |
| if [[ -z "${IAM_DEVICE_CODE_CLIENT_ID}" ]]; then | |
| echo "Please set the IAM_DEVICE_CODE_CLIENT_ID env variable" |
andreaceccanti
/ keybase.md
Created
October 5, 2017 05:18
I hereby claim:
- I am andreaceccanti on github.
- I am andreaceccanti (https://keybase.io/andreaceccanti) on keybase.
- I have a public key ASAjMuawZd0I9FLqw0FuWSmyFPLMsBrooAodO7p7kT_PJgo
To claim this, I am signing this object:
andreaceccanti
/ storm-ptp-cleanup.sql
Last active
September 29, 2017 15:49
StoRM PtP cleanup scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Selects and displays PtP requests that are stuck in progress for one month | |
| SELECT rq.ID, rq.timeStamp, rp.targetSURL, sp.statusCode, sp.explanation | |
| FROM storm_db.request_queue rq, storm_db.request_Put rp, storm_db.status_Put sp | |
| WHERE rq.ID = rp.request_queueID and rp.ID = sp.request_PutID | |
| and rq.status = 18 and rq.timeStamp <= DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 1 MONTH); | |
| -- Marks PtP requests stuck in progress for one month as expired, so that the StoRM | |
| -- request garbage collector will remove them from the database | |
| UPDATE storm_db.request_queue rq, storm_db.request_Put rp, storm_db.status_Put sp | |
| SET sp.statusCode = 1, sp.explanation = "Request expired.", rq.status = 1 |
andreaceccanti
/ get-access-token.sh
Created
December 13, 2016 13:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| IAM_CLIENT_ID=${IAM_CLIENT_ID:-iam-client} | |
| IAM_CLIENT_SECRET=${IAM_CLIENT_SECRET} | |
| IAM_TOKEN_ENDPOINT=${IAM_TOKEN_ENDPOINT:-https://iam-test.indigo-datacloud.eu/token} | |
| if [[ -z "${IAM_CLIENT_SECRET}" ]]; then | |
| echo "Please provide a client secret setting the IAM_CLIENT_SECRET env variable." | |
| exit 1; |
andreaceccanti
/ README-unauthenticated-client-voms.md
Last active
October 14, 2016 17:40
Check that a VOMS database has the unauthenticated client internal administrator correctly setup
As reported in this ggus-ticket, in certain circumstances VOMS Admin accepts membership requests from users without a valid X.509 certificate.
This has no security impact on the server, but can lead to VO admins receiving membership request with strange user certificate subject, like the following:
![Strange request
This bug:
https://issues.infn.it/jira/browse/STOR-779
prevents the proper cleanup of ongoing PtPs on a surl when srmRm is called on that surl on all StoRM versions >= 1.11.5.
This bug will be fixed in StoRM 1.11.8, scheduled for release on Friday, March 13th 2015.
andreaceccanti
/ run-voms-deployment-test.sh
Created
October 10, 2014 15:04
run voms deployment test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SCRIPT_URL="https://raw.github.com/italiangrid/voms-deployment-test/master/voms-deployment-test.sh" | |
| wget --no-check-certificate $SCRIPT_URL -O voms-deployment-test.sh | |
| chmod +x voms-deployment-test.sh | |
| DB_UPGRADE="no" | |
| if [ "$PERFORM_DATABASE_UPGRADE" = "true" ]; then | |
| DB_UPGRADE="yes" | |
| fi |
NewerOlder