On Tue, 05 Jun 2007 10:06:18 +0200 Vincenzo Ciaschini <[EMAIL PROTECTED]> wrote:
> Bassem Nasser wrote:
> > Hi
> >
> > I am looking for the information extracted by VOMS plugins. I could find
> > only the FQANs, host:port and VO.
> > But I am interested in the voms server DN and not just the host:port name.
> >
> > Is there a way to get the voms extension issuer DN rather than just the
> > host:port information?
>
> Yes. That information is included in the AC. Since you are using Java,
> you may want to look at VOMSAttribute.getIssuer() and
> VOMSAttribute.getIssuerX509().
>
> Ciao,
> Vincenzo
>

Thanks Vincenzo. We will extend the VomsCredentialInformation object to
contain this, but for now you'd have to edit the PIP to get this from the
parser directly.

Tim

> >
> > Regards
> > Bassem
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> > Of Tim Freeman
> > Sent: 31 May 2007 16:15
> > To: [EMAIL PROTECTED]
> > Cc: [email protected]; [EMAIL PROTECTED]
> > Subject: Re: [gt-user] VOMS and Globus
> >
> > On Thu, 31 May 2007 09:24:47 -0400
> > "Tom Scavo" <[EMAIL PROTECTED]> wrote:
> >
> >>[adjusting target mailing lists]
> >>
> >>On 5/31/07, Bassem Nasser <[EMAIL PROTECTED]> wrote:
> >>
> >>>I am looking for documentation about VOMS authorization plugins.
> >>>I found only this page http://dev.globus.org/wiki/VOMS but it is not
> >>>a development guide, it doesn't show:
> >>>
> >>>- how the PIP and PDP work
> >>>- how the VOMS credentials are returned from the VOMS PIP? What format?
> >>>- what if I want to use another PDP?
> >>
> >>Sorry, I can answer only your last question. GridShib for GT v0.5.2
> >>introduces a PDP with combined VOMS functionality. This is described
> >>in the docs
> >>
> >>http://gridshib.globus.org/docs/gridshib-gt-0.5.2/admin-index.html
> >>
> >>and implemented in the following interceptor:
> >>
> >>http://viewcvs.globus.org/viewcvs.cgi/gridshib/gt/interceptors/java/source/src/org/globus/gridshib/gt/authorization/ShibbolethPDP.java?view=log
> >
> > Hello,
> >
> > If you want to develop against the GT development release instead of
> > GT4.0.x, please tell us because much has changed there; this mail assumes
> > you are working with GT4.0.x.
> >
> > Tom's link is a little complicated of an example since it uses reflection in
> > order to run without needing the VOMS interceptors installed.
> >
> > Instead I would suggest looking at the sample PDP code in the VOMS package;
> > it is fairly simple. Here is a general developer introduction to PIPs and
> > PDPs:
> >
> > http://www-128.ibm.com/developerworks/grid/library/gr-gt4auth/
> >
> > Understanding the examples there should mean you have the majority of what
> > you need to know to develop with the VOMS and most other interceptors
> > (excluding the authorization mechanism specific things you would need to
> > know).
> >
> > The VOMS PIP and sample PDP are straightforward to follow once understanding
> > that simple model (as opposed to something more complicated like GridShib).
> >
> > If the VOMS PIP is configured in the authorization chain, its
> > collectAttributes method is invoked. If the VOMS PDP is also configured,
> > its isPermitted method is invoked. The PIP and PDP are not dependent on each
> > other for compiling or running, but the PIP will deposit VOMS attributes
> > into the MessageContext by way of the caller's public credentials. So when
> > you say "returned" by the PIP, that is not quite what is happening; the PIP
> > instead places the information where other classes (including services) can
> > access it.
> >
> > Here is the stored object; it houses mainly an ordered list of Strings (the
> > VOMS attribute strings):
> >
> > http://viewcvs.globus.org/viewcvs.cgi/workspace/vm/plugins/authz/voms/src/org/globus/voms/impl/VomsCredentialInformation.java?revision=1.1&view=markup
> >
> > The PIP and sample PDP can be found here:
> >
> > http://viewcvs.globus.org/viewcvs.cgi/workspace/vm/plugins/authz/voms/src/org/globus/voms/impl/
> >
> > Creating another PDP should be straightforward: copy code from the VomsPDP
> > class at that link, in particular this retrieval part:
> >
> >     // Look for the attribute object the PIP deposited among the caller's
> >     // public credentials (peer is the javax.security.auth.Subject).
> >     AttributeInformation info = null;
> >     Set credSet = peer.getPublicCredentials();
> >     Iterator creds = credSet.iterator();
> >     while (creds.hasNext()) {
> >         Object o = creds.next();
> >         if (o instanceof AttributeInformation) {
> >             info = (AttributeInformation) o;
> >             break;
> >         }
> >     }
> >
> >     // Null means the PIP did not run (or the caller carried no VOMS AC);
> >     // a non-VOMS AttributeInformation means a different PIP is configured.
> >     Vector rolesVector = null;
> >     VomsCredentialInformation vomsinfo = null;
> >     if (info == null) {
> >         logger.info("cannot retrieve credential info from message context");
> >     } else {
> >         if (!(info instanceof VomsCredentialInformation)) {
> >             throw new Exception("credential info from " +
> >                 "message context is not VOMS: incompatible PIP");
> >         } else {
> >             vomsinfo = (VomsCredentialInformation) info;
> >         }
> >
> >         // Ordered list of the VOMS attribute strings (FQANs).
> >         rolesVector = vomsinfo.getAttrs();
> >     }
> >
> > If you have any specific questions, don't hesitate to ask here.
> >
> > If you have requirements that these classes and interfaces don't satisfy,
> > please tell us because we can probably help solve issues and/or change
> > things for the next release to accommodate new requirements if that is
> > necessary.
> >
> > Tim
> >
> >>Hope this helps,
> >>Tom
> >>
> >
> > -----------------------------------------
> > Tim Freeman - [EMAIL PROTECTED]
> > http://www-unix.mcs.anl.gov/~tfreeman/
> > Grid Search: http://www.gridindex.org
> >
>

-----------------------------------------
Tim Freeman - [EMAIL PROTECTED]
http://www-unix.mcs.anl.gov/~tfreeman/
Grid Search: http://www.gridindex.org
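An added example, not code from this thread or from the Globus VOMS package: a helper a custom PDP could call from its isPermitted method, following the PIP/PDP model Tim describes (retrieve the VomsCredentialInformation the PIP deposited in the caller's public credentials, then decide on the FQAN strings). The package of AttributeInformation, the class and method names RequiredFqanCheck/permitted, the sample FQAN and the Capability=NULL normalisation are assumptions.

```java
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.Subject;
import org.globus.voms.impl.VomsCredentialInformation;
// Package of AttributeInformation is an assumption (GT4.0.x authorization attributes).
import org.globus.wsrf.impl.security.authorization.attributes.AttributeInformation;

/** Hypothetical helper a custom PDP calls from isPermitted(): deny unless the VOMS PIP
 *  deposited an FQAN equal to the configured one, e.g. "/myvo/ops/Role=admin" (constructed). */
public class RequiredFqanCheck {
    private static final String CAP_NULL = "/Capability=NULL";
    private final String requiredFqan;
    public RequiredFqanCheck(String requiredFqan) {
        this.requiredFqan = normalize(requiredFqan);
    }

    /** Retrieval step from the thread: find the PIP's object among the peer's public credentials. */
    static Vector vomsAttributes(Subject peer) throws Exception {
        AttributeInformation info = null;
        Set credSet = peer.getPublicCredentials();
        for (Iterator creds = credSet.iterator(); creds.hasNext();) {
            Object o = creds.next();
            if (o instanceof AttributeInformation) {
                info = (AttributeInformation) o;
                break;
            }
        }
        if (info == null) return null;   // PIP not in the chain, or the caller carried no VOMS AC
        if (!(info instanceof VomsCredentialInformation)) {
            throw new Exception("credential info in message context is not VOMS: incompatible PIP");
        }
        return ((VomsCredentialInformation) info).getAttrs();   // ordered VOMS attribute strings
    }
    /** Default deny: true only when one of the caller's FQANs matches the required one exactly. */
    public boolean permitted(Subject peer) throws Exception {
        Vector attrs = vomsAttributes(peer);
        if (attrs == null) return false;
        for (int i = 0; i < attrs.size(); i++) {
            if (normalize((String) attrs.get(i)).equals(requiredFqan)) return true;
        }
        return false;
    }

    /** "/vo/group/Role=r/Capability=NULL" and "/vo/group/Role=r" name the same FQAN. */
    static String normalize(String fqan) {
        String f = fqan.trim();
        return f.endsWith(CAP_NULL) ? f.substring(0, f.length() - CAP_NULL.length()) : f;
    }
}
```

Because the PIP and PDP are independent, a missing VomsCredentialInformation is treated as deny rather than as an error, so a chain without the VOMS PIP fails closed.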
