adding support for SciTokens https://scitokens.org/ #69

Merged
merged 26 commits into from Jul 24, 2020


Contributor

@ag012 ag012 commented Jan 7, 2020

No description provided.

jbasney approved these changes Jan 7, 2020
Member

@jbasney jbasney left a comment

Thanks @ag012! I submitted a corresponding XSEDE activity for this feature at https://software.xsede.org/display/xci-694.

@@ -30,6 +30,7 @@ BuildRequires: libtool-ltdl-devel
BuildRequires: checkpolicy
BuildRequires: policycoreutils-python
BuildRequires: python-setuptools
BuildRequires: scitokens-cpp
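Review bot: the added `BuildRequires: scitokens-cpp` line at the end of this hunk is unconditional and unversioned, so every build of the package now needs scitokens-cpp in the build repositories. Headers are usually shipped in a `-devel` subpackage, so confirm that `scitokens-cpp` alone provides what the build includes, and consider adding a minimum version and checking that the spec also carries a matching runtime `Requires:`.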
Member

@jbasney jbasney Jan 7, 2020

The scitokens-cpp package can be built from source (https://github.com/scitokens/scitokens-cpp) or RPMs are available from OSG (https://opensciencegrid.org/docs/common/yum/) and soon from EPEL (https://src.fedoraproject.org/rpms/scitokens-cpp).


Payload format for Scitokens:
"scope": “ssh:username",
"aud": "demo.scitokens.org"
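Review bot: on the `"scope"` line the value opens with a typographic quote (“) and closes with an ASCII `"`, so the documented payload is not valid JSON when copied; use ASCII quotes on both sides. The example would also read better wrapped in braces, with `username` marked as a placeholder and `demo.scitokens.org` described as an example audience value.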
Member

@jbasney jbasney Jan 7, 2020

I think the audience (aud) is the hostname of the SSH server, based on the gethostname() call in scitoken_verify().
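The two claims discussed above, as an added example (not code from this pull request or from oauth-ssh): a stand-alone C check that an already signature-verified payload's `aud` equals the server's hostname and that its space-separated `scope` contains exactly `ssh:<account>`. The function names, the single-string `aud`, and the reading of `username` as the local account being requested are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True only if the space-separated scope claim holds the exact token "ssh:<user>". */
bool scope_allows_ssh_user(const char *scope, const char *user)
{
    size_t ulen;

    if (scope == NULL || user == NULL || *user == '\0')
        return false;
    ulen = strlen(user);
    while (*scope != '\0') {
        size_t tlen = strcspn(scope, " ");      /* length of the current token */
        if (tlen == 4 + ulen &&                 /* rejects "ssh:alice2" for "alice" */
            strncmp(scope, "ssh:", 4) == 0 &&
            strncmp(scope + 4, user, ulen) == 0)
            return true;
        scope += tlen;
        scope += strspn(scope, " ");            /* skip the separator(s) */
    }
    return false;
}

/* True only if aud names this server; a token minted for another host is refused. */
bool aud_matches_host(const char *aud, const char *hostname)
{
    if (aud == NULL || hostname == NULL || *aud == '\0')
        return false;
    return strcmp(aud, hostname) == 0;
}

/* Both claims must pass; hostname would come from gethostname() on the server. */
bool claims_permit_login(const char *scope, const char *aud,
                         const char *hostname, const char *user)
{
    return aud_matches_host(aud, hostname) &&
           scope_allows_ssh_user(scope, user);
}

int main(void)
{
    /* Constructed sample values; "alice" is a hypothetical account name. */
    printf("%d\n", claims_permit_login("ssh:alice", "demo.scitokens.org", "demo.scitokens.org", "alice"));
    printf("%d\n", claims_permit_login("ssh:alice2", "demo.scitokens.org", "demo.scitokens.org", "alice"));
    printf("%d\n", claims_permit_login("ssh:alice", "other.example.org", "demo.scitokens.org", "alice"));
    return 0;
}
```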

@ag012
Contributor Author

@ag012 ag012 commented Jan 14, 2020

> What is auth_method? Is it already split by space?

auth_method is a member of config. config is a struct preprocessed in config.c

> Probably just need this to be "break", since it will break out of the loop right to the goto statement.

Thanks for the comment. I've changed that to break.

@ag012
Contributor Author

@ag012 ag012 commented Jan 14, 2020

Note that rewrite _cmd_login 78f9c13 added a non-optional configuration field and it should be mentioned outside of the scitokens section in readme

@rpwagner

@rpwagner rpwagner commented Jan 30, 2020

> Thanks @ag012! I submitted a corresponding XSEDE activity for this feature at https://software.xsede.org/display/xci-694.

@jbasney this may be both overly pedantic and not be the right place to discuss this, but on the XSEDE activity the term "proprietary" seems inappropriate for Globus Auth OAuth 2.0 Tokens. They're opaque bearer tokens based on IETF RFC 7662. Opaque is not the same as proprietary.

@jbasney
Member

@jbasney jbasney commented Jan 30, 2020

> @jbasney this may be both overly pedantic and not be the right place to discuss this, but on the XSEDE activity the term "proprietary" seems inappropriate for Globus Auth OAuth 2.0 Tokens. They're opaque bearer tokens based on IETF RFC 7662. Opaque is not the same as proprietary.

I'm happy to be corrected. It's my understanding that only tokens issued by globus.org are currently accepted by oauth-ssh, but I agree it should be possible to support any issuers of opaque bearer tokens that comply with RFC 7662 by adding a few new oauth-ssh configuration options. I opened issue #70 for it. In that case, I'd agree the term "proprietary" would no longer be appropriate.

In any case, I removed "proprietary" from the description at https://software.xsede.org/display/xci-694.

@rpwagner

@rpwagner rpwagner commented Jan 30, 2020

Thanks, Jim. I'll contribute to #70. Well, participate, at least.

@JasonAlt
Collaborator

@JasonAlt JasonAlt commented Jul 21, 2020

If this is approved and ready for merge, it'll need the 'draft' flag changed.

@jbasney
Member

@jbasney jbasney commented Jul 22, 2020

Who can remove the draft flag? Here's what I see:

image

@ag012 ag012 marked this pull request as ready for review Jul 22, 2020
@JasonAlt JasonAlt merged commit ed8aee6 into XSEDE:master Jul 24, 2020