Hi,
I am using GT 4. The error I am getting occurs when I use delegation.
OK, the scenario is:
I have a service with delegation enabled, using a security descriptor as
<methodAuthentication>
<method name="CreateActivity">
<run-as value="caller"/>
</method>
</methodAuthentication>
In the CreateActivity method I call
SecurityManager.getManager().setServiceOwnerFromContext(); before invoking the other service.
The client part is:
((Stub) besFactory)._setProperty(Constants.GSI_SEC_CONV,
                                 Constants.SIGNATURE);
((Stub) besFactory)._setProperty(GSIConstants.GSI_MODE,
                                 GSIConstants.GSI_MODE_FULL_DELEG);
((Stub) besFactory)._setProperty(Constants.AUTHORIZATION,
                                 HostAuthorization.getInstance());
----------------------------------
First invocation: *Works fine ----*
In the 2nd invocation I received the error (on the client side) that Expected
"/CN=host/napoletana.pdc.kth.se" target but received
"/O=Grid/OU=GlobusTest/OU=simpleCA-napoletana.pdc.kth.se/OU=pdc.kth.se/CN=globus-bes":
This seems to mean that the service is now running with the delegated credentials
of the user, and since I used HostAuthorization in the client, it did not
work.
Notes (excerpt from previous discussion):
If we do a setServiceOwnerFromContext(), the delegated credential is set as
the resource credential. So we are bound to get a different DN. Right
The client connects the first time, expecting a hostcert, gets it. The
service gets a delegated cred, then runs as the caller. But then you
have the client still *expecting a hostcert*, even after it has delegated
and the service is running under its own identity. *(that is exactly what is
happening)*
Questions:
So, either I should not have the service run as the caller *(If yes, then how
will delegation work??)*,
or have the client expect its own identity after it has delegated. *(How to
switch back?)*
Regards,
Zeeshan