Project

General

Profile

Feature #5936

Include certificate delegation inside Metacat

Added by ben leinfelder about 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
Start date:
05/17/2013
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

Like the d1_portal, we want to be able to have users authenticate with their preferred Identity Provider via the browser and let the webapp handle their certificate. Any future requests coming from that session will have their client certificate attached to the request before Metacat processes it (for access control considerations, etc).

I think we can base this on the current d1_portal project and then build in the lightweight delegation servlet in Metacat. This will give us control over the UI for authenticating users and allow Metacat to transparently use certificate-based authentication without requiring users to directly handle certificate objects themselves.


Related issues

Related to Metacat - Feature #6034: Simplify configuration for certificate delegationNew07/09/2013

History

#1 Updated by ben leinfelder about 6 years ago

Here's the documentation for MyProxy that I was using to set this all up: http://grid.ncsa.illinois.edu/myproxy/oauth/client/

#2 Updated by ben leinfelder almost 6 years ago

There's now the package "edu.ucsb.nceas.metacat.portal" that does the authentication delegation. You start a request and then are routed back to the success servlet when authentication is complete. At that point, your client certificate is available in the asset store for use in subsequent calls.

#3 Updated by ben leinfelder almost 6 years ago

  • Status changed from New to In Progress
  • Tracker changed from Bug to Feature

Aside from making the myProxy configuration easier, this is done. It does require a bit of administration from registering the server with CILogon, generating a pk8 key and configuring it in the xml config file, but that is unavoidable.

It would be good to pull in another release of d1-portal once that project starts utilizing the 1.7.x MyProxy libraries (soon to be released). That's a two-hop dependency issue!

#4 Updated by ben leinfelder almost 6 years ago

  • Status changed from In Progress to Closed

Also available in: Atom PDF