Difference between revisions of "How To Configure Identities For DILIGENT Services"

From Gcube Wiki
Line 9: Line 9:
  
 
The procedure will ask you the password to decrypt your private key and the password to protect your new myProxyAccount. As myProxyAccount you can use any string still not in use on MyProxy server, or an already existing account, providing the corresponding password.
 
The procedure will ask you the password to decrypt your private key and the password to protect your new myProxyAccount. As myProxyAccount you can use any string still not in use on MyProxy server, or an already existing account, providing the corresponding password.
 +
 +
(E.g:
 +
java org.globus.tools.MyProxy -host grids02.eng.it \
 +
-l roccetti put -cert certs/roccettiCert.pem -key certs/roccettiKey.pem
 +
 +
)
 +
 +
 +
==Create a new Credentials Renewal account==
 +
 +
In order to enable the credentials delegation you have to create an account to the credentials renewal service that contains the information to contact the MyProxy repository.
 +
This can be done through the command line interface provided by the  org.diligentproject.dvos.credentials-renewal-api component.
 +
To use this command line interface you need to include dvos.credentials-renewal-api.jar and dvos.credentials-renewal-stubs.jar in your classpath.
 +
 +
To create a new account corresponding to a valid MyProxy account you can use the command:
 +
 +
<code>java org.diligentproject.dvos.credentialRenewal.ui.CredentialRenewalUI -createMyProxyAccount...</code>
 +
 +
  
 
(E.g:
 
(E.g:
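Review bot: the unchanged "(E.g:" context after the added "Create a new Credentials Renewal account" section now sits directly under the "CredentialRenewalUI -createMyProxyAccount..." line, so the old MyProxy put example reads as an example of account creation, although the same example was also added above under the delegation paragraph. Drop the trailing copy or replace it with an actual -createMyProxyAccount invocation. The added command also ends in "..." and leaves its arguments undocumented, so a reader cannot run it from this text alone.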

Revision as of 18:05, 9 August 2007

This page contains useful information for DILIGENT administrators about how to provide deployed services with a valid identity so that they can operate in the DILIGENT infrastructure.

Delegate credentials to MyProxy

Use the following command to delegate credentials to MyProxy:

java org.globus.tools.MyProxy -host grids02.eng.it -l yourMyProxyUsername \
put -cert yourPublicCert.pem -key yourPrivateKey.pem

The procedure will ask you for the password that decrypts your private key and for the password that will protect your new myProxyAccount. As myProxyAccount you can use any string not yet in use on the MyProxy server, or an already existing account if you provide the corresponding password.

(E.g:

java org.globus.tools.MyProxy -host grids02.eng.it \
-l roccetti put -cert certs/roccettiCert.pem -key certs/roccettiKey.pem

)


Create a new Credentials Renewal account

To enable credentials delegation you have to create an account on the credentials renewal service; this account holds the information needed to contact the MyProxy repository. This can be done through the command line interface provided by the org.diligentproject.dvos.credentials-renewal-api component. To use this command line interface you need to include dvos.credentials-renewal-api.jar and dvos.credentials-renewal-stubs.jar in your classpath.

To create a new account corresponding to a valid MyProxy account you can use the command:

java org.diligentproject.dvos.credentialRenewal.ui.CredentialRenewalUI -createMyProxyAccount...


(E.g:

java org.globus.tools.MyProxy -host grids02.eng.it \
-l roccetti put -cert certs/roccettiCert.pem -key certs/roccettiKey.pem

)

Set-up a credentials renewal task

Now you have to instruct the CredentialsRenewal service to periodically get the selected credentials from MyProxy and delegate them to a service. You can do this with the following command:

java org.diligentproject.dvos.credentialRenewal.ui.CredentialRenewalUI \
-proxyFile:yourProxyFile \
-serviceUrl:http://grids15.eng.it:8080/wsrf/services/diligentproject/dvos/credentialsRenewal/CredentialsRenewalService \
-addCredentialsRenewal -userName:yourMyProxyUsername -password:yourMyProxyPassword \
-credentialsID:org/diligentproject/yourSubsystem/yourService \
-period:5 \
-delegationServiceURL:http://yourHostName:8080/wsrf/services/diligentproject/dvos/delegation/DelegationService

To run this command you have to provide a valid proxyFile carrying the Credentials-Manager role. You can obtain such a proxy certificate by contacting the VOMS server on grids10 with the command:

voms-proxy-init -cert yourPublicCert.pem -key yourPrivateKey.pem \
-out yourProxyFile -voms test_diligent:/diligent/Role=Credentials-Manager

The selected credentials will then be periodically delegated to the service.
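A pre-flight check for the proxy file required above, given here as an added example (it is not part of the original page or of the DILIGENT tooling): it confirms that the file is accessible to its owner only, carries /diligent/Role=Credentials-Manager, and still has lifetime left. The function names, the 600-second default and the sample FQAN list are assumptions made for this example; voms-proxy-info is called only inside preflight.

```shell
#!/bin/sh
# Added example: checks on yourProxyFile before running -addCredentialsRenewal.

# True if the FQAN list on stdin (one per line, the format printed by
# `voms-proxy-info -fqan`) grants ROLE directly in GROUP.
has_role() {  # usage: has_role GROUP ROLE < fqans
    grep -Eq "^$1/Role=$2(/Capability=[^/]*)?\$"
}

# True if SECONDS is a plain integer of at least MIN seconds.
has_time_left() {  # usage: has_time_left SECONDS MIN
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}

# True if FILE is a regular file that only its owner can read or write.
owner_only() {  # usage: owner_only FILE
    perms=$(ls -ld "$1" 2>/dev/null) || return 1
    case "$perms" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run all three checks against a real proxy file. MIN_SECONDS defaults to
# 600, an arbitrary value chosen for this example.
preflight() {  # usage: preflight PROXYFILE [MIN_SECONDS]
    owner_only "$1" ||
        { echo "$1: missing or accessible to group/others" >&2; return 1; }
    voms-proxy-info -file "$1" -fqan | has_role /diligent Credentials-Manager ||
        { echo "$1: no /diligent/Role=Credentials-Manager" >&2; return 1; }
    has_time_left "$(voms-proxy-info -file "$1" -timeleft)" "${2:-600}" ||
        { echo "$1: proxy expired or about to expire" >&2; return 1; }
}

# Constructed sample of `voms-proxy-info -fqan` output (not from a real proxy).
SAMPLE_FQANS='/diligent/Role=Credentials-Manager/Capability=NULL
/diligent/Role=NULL/Capability=NULL'
if printf '%s\n' "$SAMPLE_FQANS" | has_role /diligent Credentials-Manager; then
    echo "sample proxy carries the Credentials-Manager role"
fi
```

Call `preflight yourProxyFile` after voms-proxy-init and before the CredentialRenewalUI command; a non-zero exit status means the proxy file should be regenerated or its permissions tightened first.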