VOMS implements a REST API that can be used to get a VOMS attribute certificate.
https://<voms.host>:<voms.port>/generate-ac
Clients must authenticate with a valid X.509 certificate or proxy certificate signed by a CA trusted by the VOMS server.
Generates an attribute certificate for the authenticated client.
Name | Required | Description | Example |
---|---|---|---|
fqans | No | A comma-separated list of requested VOMS FQANs | /dteam/Role=VO-Admin,/dteam/Role=Test |
lifetime | No | A suggested validity for the generated attribute certificate, in seconds | lifetime=43200 |
A VOMS XML response. The response structure is unchanged from the legacy VOMS protocol, i.e. an XML document like the following:
<?xml version="1.0" encoding="UTF-8" standalone="no"?><voms><ac>MIIMPTCCCyUC....CBADOOqQ=</ac></voms>
$ curl --capath /etc/grid-security/certificates/ --cert /tmp/x509up_u501 --key /tmp/x509up_u501 https://voms-escape.cloud.cnaf.infn.it:15000/generate-ac
<?xml version="1.0" encoding="UTF-8" standalone="no"?><voms><ac>MIIMPTCCCyUC....CBADOOqQ=</ac></voms>
$ curl --capath /etc/grid-security/certificates/ --cert /tmp/x509up_u501 --key /tmp/x509up_u501 https://voms2.hellasgrid.gr:15004/generate-ac?fqans=/wrong-fqan
<?xml version="1.0" encoding="UTF-8"?><voms><error><code>BadRequest</code><message>dteam: Unable to satisfy G/wrong-fqan request!</message></error></voms>