RCauth Delegation Server & MasterPortal - Credential Lifetimes
From PDP/Grid Wiki
Introduction
The scenario described by the RCAuth.eu setup deals with certificates on multiple levels. The credential released to the Service Provider Portal (Science Gateway) is a certificate chain containing: a short lived proxy certificate, a long lived proxy certificate, and an end entity certificate. All three certificates can be created with a different lifetime, so the lifetime configuration within this setup can be confusing. This page explains every lifetime configuration you might encounter in the RCAuth.eu setup, together with its location, default value and function.
Short Lived Proxy
The lifetime of a Short Lived Proxy Certificate is determined by the following set of configurations.
Component | Sub-Component | Name | Default | Location | Description |
Client Portal | - | proxylifetime | - | /getproxy request | Client requested lifetime value. |
Master Portal | MP Server | defaultLifetime | 12h | MP Server configuration | If proxylifetime is missing from the /getproxy request, this value is used to request a short lived proxy. |
Master Portal | MP Server | max_proxy_lifetime - tolerance | 11d - 1d | MP Server configuration | Used within LifetimeValidator for validating the requested proxy lifetime value. These values are only used for validation; they do not set the effective proxy lifetime. The max_proxy_lifetime value should match the value of the lifetime configuration with the same name in the Credential Store. |
Master Portal | Credential Store | max_proxy_lifetime | 11d | Credential Store configuration | Server side maximum enforced by the MyProxy Store on every released proxy. This should match the value of the MP Server configuration with the same name. |
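The following is an added example, not code from the Master Portal or the RCauth project, showing how the four settings in the table above interact for one /getproxy request and how a mismatch between the two max_proxy_lifetime values can be detected. It assumes that validation rejects a request longer than max_proxy_lifetime - tolerance (the table only says the values are used for validation); the dictionary layout and the function names are hypothetical.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

# Defaults copied from the Short Lived Proxy table; the dict layout is an assumption.
MP_SERVER = {"defaultLifetime": "12h", "max_proxy_lifetime": "11d", "tolerance": "1d"}
CRED_STORE = {"max_proxy_lifetime": "11d"}

def seconds(value):
    """Convert the table's '12h' / '11d' notation to seconds."""
    m = re.fullmatch(r"(\d+)([smhd])", value.strip())
    if not m:
        raise ValueError(f"unparseable lifetime: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def validation_limit(mp):
    """max_proxy_lifetime - tolerance, the bound used for validation only."""
    return seconds(mp["max_proxy_lifetime"]) - seconds(mp["tolerance"])

def config_problems(mp, store):
    """List inconsistencies between MP Server and Credential Store settings."""
    problems = []
    if seconds(mp["max_proxy_lifetime"]) != seconds(store["max_proxy_lifetime"]):
        problems.append("max_proxy_lifetime differs between MP Server and Credential Store")
    if validation_limit(mp) <= 0:
        problems.append("tolerance is not smaller than max_proxy_lifetime")
    # Follows from the assumed rejection rule: such a default could never pass.
    elif seconds(mp["defaultLifetime"]) > validation_limit(mp):
        problems.append("defaultLifetime exceeds max_proxy_lifetime - tolerance")
    return problems

def effective_lifetime(requested, mp, store):
    """Seconds of short lived proxy released for a /getproxy request.

    requested is the proxylifetime value, or None when the client sent none.
    """
    asked = seconds(requested) if requested else seconds(mp["defaultLifetime"])
    # Assumption: validation rejects; it never shortens the request itself.
    if asked > validation_limit(mp):
        raise ValueError(f"proxylifetime {asked}s exceeds limit {validation_limit(mp)}s")
    # The Credential Store maximum is what is enforced on the released proxy.
    return min(asked, seconds(store["max_proxy_lifetime"]))
```

With a constructed Credential Store maximum of 7d, a 10d request still passes validation but the released proxy is capped at 7d, which is the silent mismatch `config_problems` reports.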
Long Lived Proxy
Component | Sub-Component | Name | Default | Location | Description |
Master Portal | MP Client | lifetime | 11d | zxc | zxc |
End Entity Certificate
Component | Sub-Component | Name | Default | Location | Description |
Master Portal | MP Client | lifetime | 11d | zxc | zxc |
Delegation Server | Delegation Server | - | 10d | zxc | zxc |
Delegation Server | Online CA | MAX_LIFETIME | 11d | zxc | zxc |