OpenID

From T2B Wiki
Revision as of 08:02, 9 May 2023 by Admin

Grid facilities in general, and CMS in particular, are slowly moving from certificate/proxy-based authentication towards OpenID/token-based authentication.
This page explains how to use tokens yourself at T2B.

Getting an OpenID identity

  • Go to the CMS IAM service at https://cms-auth.web.cern.ch/ and log in.
  • At the left, you can see your active tokens. At the moment, you have none.
  • Go to the M machines and issue the following command:
oidc-gen --iss https://cms-auth.web.cern.ch/ --scope openid -w device cms-id
  • Follow the onscreen instructions.

For more detailed information about the options available, you can see this page

Register your OpenID identity at T2B

For now, I have no idea how to do this. You need to tell me when you connect and then I'll be able to

Creating a token

Using your token at T2B

If your ID is registered at T2B and you made a new token, you can now use it easily via the usual 'gfal' commands.
The gfal commands accept either a proxy or a token, depending on an environment variable. For tokens, the variable can be set in the following way:

export BEARER_TOKEN=$(oidc-token cms-id)
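
Before exporting the token, it can be useful to confirm that it comes from the CMS IAM issuer and has not expired. The following is an added example, not part of the original wiki page or of oidc-agent: it assumes the access token is a JWT carrying `iss` and `exp` claims, and the function names (`jwt_payload`, `jwt_claim`, `token_usable`, `sample_token`) are hypothetical helpers.

```shell
# Added example. Assumes the access token is a JWT (header.payload.signature).
# The signature is NOT verified: this is only a local sanity check on claims.

# Decode the base64url payload (second segment) of a JWT to JSON text.
jwt_payload() {
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in      # restore the padding base64url strips
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
    esac
    printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Print one top-level string or numeric claim (hypothetical helper, no jq).
jwt_claim() {
    jwt_payload "$1" | tr -d '\n\\' |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\).*/\1/p'
}

# Succeed only if the token names the expected issuer and stays valid for
# at least min_left more seconds (default 60).
token_usable() {
    token=$1 issuer=$2 min_left=${3:-60}
    iss=$(jwt_claim "$token" iss)
    exp=$(jwt_claim "$token" exp)
    [ "$iss" = "$issuer" ] || { echo "unexpected issuer: $iss" >&2; return 1; }
    case $exp in
        ''|*[!0-9]*) echo "missing or malformed exp claim" >&2; return 1 ;;
    esac
    [ $(( exp - $(date +%s) )) -ge "$min_left" ] ||
        { echo "token expired or about to expire" >&2; return 1; }
}

# Constructed, unsigned sample token for offline testing (not a real IAM token).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {    # $1 = exp in epoch seconds, $2 = issuer URL
    printf '%s.%s.sig' "$(printf '{"alg":"none"}' | b64url)" \
        "$(printf '{"iss":"%s","sub":"constructed","exp":%s}' "$2" "$1" | b64url)"
}

# On a machine with oidc-agent configured as above (not run here):
#   tok=$(oidc-token cms-id) &&
#     token_usable "$tok" https://cms-auth.web.cern.ch/ && export BEARER_TOKEN=$tok
```

A failed check means a fresh token should be requested with `oidc-token cms-id` before running the gfal commands.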