@andreaceccanti
Last active September 10, 2020 13:55

VOMS REST API documentation

VOMS implements a REST API that can be used to get a VOMS attribute certificate.

API endpoint

https://<voms.host>:<voms.port>/generate-ac

Authentication requirements

Clients must authenticate with a valid X.509 certificate or proxy certificate signed by a CA trusted by the VOMS server.

GET /generate-ac

Generates an attribute certificate for the authenticated client.

Parameters

| Name | Required | Description | Example |
|------|----------|-------------|---------|
| fqans | No | A comma-separated list of requested VOMS FQANs | /dteam/Role=VO-Admin,/dteam/Role=Test |
| lifetime | No | A suggested validity for the generated attribute certificate, in seconds | lifetime=43200 |

Response

A VOMS XML response. The response structure is unchanged from the legacy VOMS protocol, i.e. an XML document like the following:

<?xml version="1.0" encoding="UTF-8" standalone="no"?><voms><ac>MIIMPTCCCyUC....CBADOOqQ=</ac></voms>

Example request

$ curl --capath /etc/grid-security/certificates/ --cert /tmp/x509up_u501 --key /tmp/x509up_u501 https://voms-escape.cloud.cnaf.infn.it:15000/generate-ac
<?xml version="1.0" encoding="UTF-8" standalone="no"?><voms><ac>MIIMPTCCCyUC....CBADOOqQ=</ac></voms>

$ curl --capath /etc/grid-security/certificates/ --cert /tmp/x509up_u501 --key /tmp/x509up_u501 'https://voms2.hellasgrid.gr:15004/generate-ac?fqans=/wrong-fqan'
<?xml version="1.0" encoding="UTF-8"?><voms><error><code>BadRequest</code><message>dteam: Unable to satisfy G/wrong-fqan request!</message></error></voms>
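
Client-side handling of the two response shapes shown above, as an added example that is not part of the original gist: it builds the request URL from the documented parameters and turns the XML into either the decoded AC or an error. It assumes the `<ac>` payload is base64-encoded DER (as the `MII` prefix of the sample suggests); `VomsError`, `build_url` and `parse_voms_response` are hypothetical names, and `SAMPLE_OK` is constructed.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

class VomsError(Exception):
    """Raised when the server returns <error> or an unusable response."""

def build_url(host, port, fqans=None, lifetime=None):
    """Build the /generate-ac URL with the two optional query parameters."""
    params = {}
    if fqans:
        params["fqans"] = ",".join(fqans)  # comma-separated list of FQANs
    if lifetime is not None:
        if int(lifetime) <= 0:
            raise ValueError("lifetime must be a positive number of seconds")
        params["lifetime"] = str(int(lifetime))
    query = urlencode(params)  # percent-encodes '/', '=' and ','
    return f"https://{host}:{port}/generate-ac" + (f"?{query}" if query else "")

def parse_voms_response(body):
    """Return the DER-encoded AC bytes, or raise VomsError."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise VomsError("unexpected DTD in response")  # refuse entity tricks
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise VomsError(f"malformed XML: {exc}") from exc
    if root.tag != "voms":
        raise VomsError(f"unexpected root element <{root.tag}>")
    error = root.find("error")
    if error is not None:
        raise VomsError(f"{error.findtext('code')}: {error.findtext('message')}")
    encoded = "".join((root.findtext("ac") or "").split())  # drop line breaks
    if not encoded:
        raise VomsError("response has neither <ac> nor <error>")
    try:
        der = base64.b64decode(encoded, validate=True)
    except binascii.Error as exc:
        raise VomsError(f"<ac> is not valid base64: {exc}") from exc
    if not der.startswith(b"\x30"):  # assumption: an AC is a DER SEQUENCE
        raise VomsError("<ac> does not decode to a DER SEQUENCE")
    return der

# Constructed sample: a 5-byte DER SEQUENCE standing in for a real AC.
SAMPLE_OK = (b'<?xml version="1.0" encoding="UTF-8" standalone="no"?><voms><ac>'
             + base64.b64encode(b"\x30\x03\x02\x01\x01") + b"</ac></voms>")
# Error body copied from the second example request above.
SAMPLE_ERROR = (b'<?xml version="1.0" encoding="UTF-8"?><voms><error><code>BadRequest</code>'
                b"<message>dteam: Unable to satisfy G/wrong-fqan request!</message></error></voms>")
```

An HTTP 200 alone does not tell the caller that an AC was issued, so the `<error>` branch has to be checked before the result is used.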

