GS-CA deployments and GS-ST - was Re: [gridshib-user] Problem with GridShibCA 0.6.0

Tom Scavo trscavo at gmail.com
Fri Mar 28 14:47:41 CDT 2008


As mentioned in bugzilla, the problem Giulio discovered in GS-ST can
be masked by rewriting the Quick Start:

http://viewcvs.globus.org/viewcvs.cgi/gridshib/gt/doc/quick-start.html?hideattic=0&revision=1.1.2.5&view=markup&pathrev=gridshib_gt_0_6_0_branch

Hope this helps,
Tom

On Wed, Mar 26, 2008 at 8:26 PM, Giulio Galiero <giulio.galiero at eng.it> wrote:
> Going on with the tutorial I found a bug related to GridShib SAML
>  Tools v. 0.3.2
>  I just submitted the bug to the bugzilla system
>  (http://bugzilla.globus.org/globus/show_bug.cgi?id=5955)
>
>  Hope this helps!
>  Giulio
>
>
>
> On Wed, Mar 26, 2008 at 4:40 PM, Tom Scavo <trscavo at gmail.com> wrote:
>  > On Wed, Mar 26, 2008 at 11:31 AM, Von Welch <vwelch at uiuc.edu> wrote:
>  >  > Seems like there is interest in having the SAML-Tools on the
>  >  >  production (0.5.1 currently) deployment as well as the head of cvs
>  >  >  version (gridshib-ca-test). I'm planning on reconfiguring the
>  >  >  production deployment to use them when I get a few minutes.
>  >  >
>  >  >  Basically I'm proposing making the use of the SAML-Tools ubiquitous
>  >  >  across the GS-CA deployments on computer barring objection.
>  >
>  >  +1
>  >
>  >
>  >  >  Also, right now, the GS-CA isn't putting any attributes into the
>  >  >  SAML, I'm thinking of adding one or two contrived group memberships,
>  >  >  plus the client IP, to make the SAML more interesting and useful for
>  >  >  debugging GS4GT deployments. Again, any comments welcome.
>  >
>  >  I'm not sure about IP address.  The GridShib CA shouldn't really add
>  >  an AuthenticationStatement to the SAML assertion since the act of
>  >  authentication occurred at the IdP.  (In a sense, authentication at
>  >  the GridShib CA is by SAML assertion, but I don't think that's what
>  >  the AuthenticationStatement is meant to convey.)  The nested SSO
>  >  assertion indicates the client's IP address.
>  >
>  >
>  >
>  >  >  Tom Scavo wrote:
>  >  >  > On Wed, Mar 26, 2008 at 9:59 AM, Giulio Galiero <giulio.galiero at eng.it> wrote:
>  >  >  >> anyway, this morning I could successfully get EEC from GS-CA 0.6.0 at
>  >  >  >> https://computer.ncsa.uiuc.edu/gridshib-ca-test/. After logging in via
>  >  >  >> ProtectNetwork I could retrieve the certificate (the GS-CA shows the
>  >  >  >> 0.5.0-preview version, is this ok?). The gridshibecho client works fine with
>  >  >  >> a correct output.
>  >  >  >
>  >  >  > Great!  I don't know what version of the GridShib CA this is, but Von
>  >  >  > said (private communication) that the current version of the GridShib
>  >  >  > CA integrated with the GridShib SAML Tools is always located at
>  >  >  >
>  >  >  > https://computer.ncsa.uiuc.edu/gridshib-ca-test/
>  >  >  >
>  >  >  > so that is the link I've inserted into the Quick Start.
>  >  >  >
>  >  >  >> I am going on with the QuickStart Guide and let you know how it goes.
>  >  >  >
>  >  >  > Excellent!  Please don't hesitate to post here if you have problems or
>  >  >  > encounter any issues.
>  >  >  >
>  >  >  > Cheers,
>  >  >  > Tom
>  >  >  >
>  >  >
>  >
>  >
>
>



