Re: [gt-user] Removing "" principal at GSISecureConversation

Fri, 08 Aug 2008 04:53:08 -0700 

I found the problem... my fault.
I found out that it was working perfectely with "-nosec", so without transport 
level security. However, when I turned it on, the problem occurred.

I just forgot to call
org.globus.axis.util.Util.registerTransport()
in my client...

bye
Philip

On Thursday 07 August 2008 18:20:49 Philip Masser wrote:
> Hi everybody!
>
> I'm have a problem getting GSI Secure Conversation to work properly
> (actually together with OGSA-DAI, but the problem is in GT).
> I set up the server and client security descriptors for GSI Secure
> Conversation with privacy and full delegation. In a test service, I print
> misc security info, among others the caller subject. The output looks like
> this:
> [...] The caller is:<anonymous>
> [...] Subject:
>         Principal: <anonymous>
>         Principal: /C=AT/O=AustrianGrid/OU=FHV/OU=fhv/CN=Philip Masser
>         Public Credential: [Ljava.security.cert.X509Certificate;@1e13ce3
>         Private Credential:
> [EMAIL PROTECTED]
>
> As you can see, the subject has a "<anonymous>" principal plus the DN,
> certificate, and credentials for delegation.
>
> The problem is that I can't get rid of this "<anonymous>"... OGSA-DAI
> always takes the first principal (like SecurityManager.getCaller()) to get
> the DN of the caller...
>
> here's my server-security config:
> <securityConfig xmlns="http://www.globus.org";>
>    <auth-method>
>      <GSISecureConversation>
>         <protection-level>
>           <privacy/>
>         </protection-level>
>      </GSISecureConversation>
>    </auth-method>
>    <run-as>
>       <caller-identity/>
>    </run-as>
>    <authz value="none"/>
> </securityConfig>
> ----------------
>
> at client side, I tried this code:
>         ((Stub)port)._setProperty(Constants.GSI_SEC_CONV,
> Constants.ENCRYPTION);
>         ((Stub)port)._setProperty(GSIConstants.GSI_MODE,
> GSIConstants.GSI_MODE_FULL_DELEG);
>         ((Stub)port)._setProperty(Constants.AUTHORIZATION, new
> IdentityAuthorization("..."));
>         ((Stub)port)._setProperty(Constants.GSI_SEC_CONV_ANON,
> Boolean.FALSE); ((Stub)port)._setProperty(Constants.GSI_ANONYMOUS,
> Boolean.FALSE); ---------------
>
> and this security descriptor:
> <securityConfig xmlns="http://www.globus.org";>
>     <authz value="..."/>
>     <GSISecureConversation>
>         <privacy/>
>         <delegation value="full"/>
>     </GSISecureConversation>
> </securityConfig>
> ----------------
>
> with the same result...
> I'm using GT 4.0.6
>
> thanks in advance
> Philip

Reply via email to