Hi everybody! I'm have a problem getting GSI Secure Conversation to work properly (actually together with OGSA-DAI, but the problem is in GT). I set up the server and client security descriptors for GSI Secure Conversation with privacy and full delegation. In a test service, I print misc security info, among others the caller subject. The output looks like this: [...] The caller is:<anonymous> [...] Subject: Principal: <anonymous> Principal: /C=AT/O=AustrianGrid/OU=FHV/OU=fhv/CN=Philip Masser Public Credential: [Ljava.security.cert.X509Certificate;@1e13ce3 Private Credential: [EMAIL PROTECTED]
As you can see, the subject has a "<anonymous>" principal plus the DN, certificate, and credentials for delegation. The problem is that I can't get rid of this "<anonymous>"... OGSA-DAI always takes the first principal (like SecurityManager.getCaller()) to get the DN of the caller... here's my server-security config: <securityConfig xmlns="http://www.globus.org"> <auth-method> <GSISecureConversation> <protection-level> <privacy/> </protection-level> </GSISecureConversation> </auth-method> <run-as> <caller-identity/> </run-as> <authz value="none"/> </securityConfig> ---------------- at client side, I tried this code: ((Stub)port)._setProperty(Constants.GSI_SEC_CONV, Constants.ENCRYPTION); ((Stub)port)._setProperty(GSIConstants.GSI_MODE, GSIConstants.GSI_MODE_FULL_DELEG); ((Stub)port)._setProperty(Constants.AUTHORIZATION, new IdentityAuthorization("...")); ((Stub)port)._setProperty(Constants.GSI_SEC_CONV_ANON, Boolean.FALSE); ((Stub)port)._setProperty(Constants.GSI_ANONYMOUS, Boolean.FALSE); --------------- and this security descriptor: <securityConfig xmlns="http://www.globus.org"> <authz value="..."/> <GSISecureConversation> <privacy/> <delegation value="full"/> </GSISecureConversation> </securityConfig> ---------------- with the same result... I'm using GT 4.0.6 thanks in advance Philip
