Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
webdav: update default credential delegation for third-party copy
Motivation: A third-party transfer may require authorisation; i.e., the pool may require a credential. If specified, the 'Credential' HTTP header controls where this credential comes from. If not specified then some default policy is used. The current default policy is based on the transfer protocol: the protocol used by the pool to obtaining or send the file. For 'https' transfers, the default is to use GridSite delegation, unless the client used some bearer token, in which case OpenID-Connect delegation is used. If the client uses a macaroon to authorise the third-party copy then the request has a bearer token, but OpenID-Connect delegation cannot work -- therefore the default behaviour is broken. Modification: Update the default policy to base the decision on how the user is authenticated: OpenID-Connect --> use OpenID-Connect delegation X.509 --> use GridSite delegation anything else --> does not fetch a credential. As before, the client may override this by specifying the Credential header. Result: Requesting a third-party copy using a macaroon does not trigger a failed attempt to OpenID-Connect delegation. Target: master Request: 4.2 Request: 4.1 Request: 4.0 Request: 3.2 Ticket: http://rt.dcache.org/Ticket/Display.html?id=9474 Require-notes: yes Require-book: yes Patch: https://rb.dcache.org/r/11093/ Acked-by: Tigran Mkrtchyan
- Loading branch information
1 parent
50b839d
commit fd3e041
Showing
2 changed files
with
28 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters