-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing concrete configuration details/examples for WLCG/IAM tokens #6607
Comments
Very basic documentation for oidc plugin is available, but it doesn't really describe all details and configuration options that must be used for real storage with token support configuration. Also |
Just an update here. I think the gPlazma documentation is a little, err, "conflicted" at the moment. A general philosophy is that "The Book" would contain (amongst other things) three kinds of material:
I think this documentation is currently more the cookbook-style documentation. It is good that this exists, but could (still) be improved.
On a related note, I recently added the reference documentation for the
I agree. This is (personally) a long-term goal to get rid of storage-authzdb, but I think we may need some support scripts to handle migrating sites before we can drop the gPlazma plugin altogether. In any case, I would say this topic should be recorded as a different issue. |
Thanks, I missed new oidc plugin reference, looks good and provides a quicker overview of plugin configuration than my previous method of studying source code. You already wrote stoarge-authzdb to omnisession migration script and if I ignore issue that it is currently impossible to specify target omnisession file dcache/skel/sbin/dcache-convert-authzdb-to-omnisession Lines 69 to 71 in e80d893
(second parameter should use $2 and not $1 ) this seems to me usable for session authzdb -> session omnisession . It should not be very difficult to have something similar for map authzdb -> map multimap . Unfortunately it's too late with these changes for ongoing/upcoming token reconfiguration campaign.
|
Thanks for reporting the problem with the migration script. I've created a separate issue to track the progress on fixing this. The work on that migration script largely stalled due to a lack of testing: I didn't want to recommend something that I hadn't properly verified worked correct. If you (@vokac ) were able to help with the testing the script then I think we can make progress in migrating people away from using the |
The current gplazma documentation is insufficient to understand how to configure dCache to support tokens.
In addition, example configuration that shows how to configure dCache to work with Indigo-IAM-issued WLCG profile would be helpful.
The text was updated successfully, but these errors were encountered: