Difference between revisions of "OAuth for MyProxy GetProxy Endpoint"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 40: Line 40:
 
| style="width: 25%;" |voname
 
| style="width: 25%;" |voname
 
| style="width: 33%;" |OPTIONAL
 
| style="width: 33%;" |OPTIONAL
| Specifies one or more VOs to connect to for membership information. The VO name can be followed by additional groups and roles. (see 'man voms-proxy-init' under -voms)
+
| Specifies one or more VOs to connect to for membership information. The VO name can be followed by additional groups and roles. (Same format as for the ''-voms'' option to ''voms-proxy-init'', see ''man voms-proxy-init'').
  
 
|-
 
|-
 
| style="width: 25%;" |vomses
 
| style="width: 25%;" |vomses
 
| style="width: 33%;" |OPTIONAL
 
| style="width: 33%;" |OPTIONAL
| Specifies VOMS server information under 'vomses' file format
+
| Specifies VOMS server information in 'vomses' file format.
  
 
|}
 
|}
  
Just like in case of GetCert, the access_token, client_id and client_secret parameters are there to ensure the authenticity of the request. Note that the 'certreq' parameter, containing the Certificate Signing Request (CSR), is no longer sent along in the request. Instead, a new keypair and CSR are created on the server side and used in the subsequent MyProxy GET request. The motivation behind this change is to take the burden of key generation off the OA4MP Client, thus making it more lighweight and easily adaptable by different communities.
+
Just as for the GetCert endpoint, the access_token, client_id and client_secret parameters are there to ensure the authenticity of the request. Note that the 'certreq' parameter, containing the Certificate Signing Request (CSR), is not required. Instead, a new keypair and CSR are created on the server side and used in the subsequent MyProxy GET request. The motivation behind this change is to take the burden of key generation off the OA4MP Client, thus making it more lightweight and easier to adopt by different communities.
  
Requesting a VOMS Proxy Certificate can be done by using the 'voname' and 'vomses' request parameters. These parameters are passed as they are to the subsequent [http://grid.ncsa.illinois.edu/myproxy/protocol/ MyProxy GET] request.
+
Requesting a VOMS Proxy Certificate can be done by using the 'voname' and 'vomses' request parameters. These parameters are passed as-is to the [http://grid.ncsa.illinois.edu/myproxy/protocol/ MyProxy GET] request executed by the MasterPortal.
  
'''Note:''' The VOMSES string is useful in scenarios where the user would like to get membership information from a VOMS server which is not configured in the backend MyProxy Server 'vomses' file (see 'man myproxy-server.config' under 'voms_userconf').
+
'''Note:''' The VOMSES string is useful in scenarios where the user would like to get membership information from a VOMS server which is not configured locally in the back-end MyProxy Server (in its 'vomses' file, see 'man myproxy-server.config' under 'voms_userconf').
  
 
=== Example Request ===
 
=== Example Request ===

Revision as of 15:37, 2 September 2019