Andrea Ceccanti andreaceccanti

Keybase proof

I hereby claim:

  • I am andreaceccanti on github.
  • I am andreaceccanti (https://keybase.io/andreaceccanti) on keybase.
  • I have a public key ASAjMuawZd0I9FLqw0FuWSmyFPLMsBrooAodO7p7kT_PJgo

To claim this, I am signing this object:

@andreaceccanti
andreaceccanti / dc-get-access-token.sh
Last active February 20, 2020 14:42
A get-access-token script that uses the OAuth device code flow
#!/bin/bash
set -e
exit_msg() {
  echo "Giving up as requested by user..."
  exit 1
}
if [[ -z "${IAM_DEVICE_CODE_CLIENT_ID}" ]]; then
  echo "Please set the IAM_DEVICE_CODE_CLIENT_ID env variable"
oidc:
  providers:
  - name: google
    issuer: https://accounts.google.com
    client:
      clientId: ${IAM_GOOGLE_CLIENT_ID}
      clientSecret: ${IAM_GOOGLE_CLIENT_SECRET}
      redirectUris: ${iam.baseUrl}/openid_connect_login
      scope: openid,profile,email,address,phone
    loginButton:
@andreaceccanti
andreaceccanti / token-based-authn-wlcg-doma-proposal.md
Last active October 2, 2019 07:03
Token based authn/z for WLCG RUCIO/FTS/SEs

RUCIO/FTS TPC scenario (service identity, capability-based authz)

In this scenario, RUCIO and FTS manage transfers using their service identity.

The chain of services is

RUCIO -> FTS -> SE1, SE2

RUCIO wants to trigger transfer of file /cms/example from SE1 to SE2.

VOMS REST API documentation

VOMS implements a REST API that can be used to get a VOMS attribute certificate.

API endpoint

https://<voms.host>:<voms.port>/generate-ac

Authentication requirements