You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In testing of rucio upload, I've sporadically hit cases where:
In a sequence of REST API calls, one call requires the client to retrieve a new Rucio token.
The client will contact the token issuer endpoint to retrieve a new token.
Since the client reuses the session object, an existing SSL session may be utilized.
If the existing SSL session wasn't created with an X509 user proxy (or established via TLS session reuse), then mod_gridsite isn't able to pass along the appropriate headers about the client DN.
Without the client DN, the issuer (correctly) refuses to issue a new token.
Modification
Whenever the client receives an authorization failure, it should create a new session object prior to retrying the token retrieval.
The text was updated successfully, but these errors were encountered:
Motivation
In testing of
rucio upload
, I've sporadically hit cases where:mod_gridsite
isn't able to pass along the appropriate headers about the client DN.Modification
Whenever the client receives an authorization failure, it should create a new session object prior to retrying the token retrieval.
The text was updated successfully, but these errors were encountered: