Hi Philip :)
Kershaw, Philip (STFC,RAL,SSTD) wrote:
> Hi all,
> I'm interested in all of this for securing a pyDAP based service.  This looks
> to be what we want in terms of the steps for SSL based authentication:
> http://www.unidata.ucar.edu/projects/THREDDS/tech/reference/HTTPsecurityChallenge.html
> Although in our case to enable single sign-on we would like the authentication to
> be based on the client certificate so that we can support single sign-on using
> MyProxy.
We're testing a setup using certificate authentication through Apache 
instead of using THREDDS or Tomcat, where authentication uses SLCS 
certificates directly (not proxy, or MyProxy for that matter).  How are 
you incorporating single sign-on (assuming this means OpenID or 
Shibboleth) with client certificates?   Or do you mean the MyProxy 
credential *is* the SSO, and would unlock a certificate that will be 
used across multiple services (including stuff like GridFTP)?
> Have any of you done much in the way of authentication interoperability tests
> between different client and server implementations?
Nope... We're hoping to keep authentication to either the container or 
web server so then it would be independent of the underlying webapp. 
I'm hoping client certificates would *just work* on the standard HTTP 
clients for the C, Java and Python OPeNDAP client libraries (i.e. curl, 
httpClient and httplib2(?)).  We should be doing some testing soon...
Cheers,
-Pauline.
--
Pauline Mak
Assistant Manager, ARCS Data Services
Ph:  +61 3 6226 7518
Mob: +61 411 638 196
Email: pauline.mak@xxxxxxxxxxx
Jabber: pauline.mak@xxxxxxxxxxx
Calendar: http://tinyurl.com/pmak-arcs-calendar
http://www.arcs.org.au/
TPAC
Email: pauline.mak@xxxxxxxxxxx
http://www.tpac.org.au/
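The distinction Pauline draws above (SLCS certificates presented directly, versus MyProxy/GSI proxy certificates) is exactly what an Apache mod_ssl front end decides on when it authenticates a client certificate: mod_ssl hands the presented certificate to OpenSSL path validation against the bundle in SSLCACertificateFile. The script below is an added example, not code from this thread or from ARCS/TPAC, that reproduces that decision with `openssl verify` for two constructed certificates: an end-entity certificate issued by a test CA, standing in for an SLCS credential, and a certificate signed by that end-entity certificate, which is the shape of a GSI proxy. All names (Test SLCS CA, pauline, the `$WORK` directory) are made up for the example, and it needs only a POSIX shell and the `openssl` command line tool.

```shell
#!/bin/sh
# Added example (not from the original thread or from ARCS/TPAC): what an
# Apache mod_ssl front end is really deciding when it authenticates a client
# certificate. mod_ssl hands the presented cert to OpenSSL path validation
# against the bundle in SSLCACertificateFile; this script reproduces that
# decision with `openssl verify` for two constructed certificates:
#   1. an end-entity cert issued by a CA, standing in for an SLCS cert
#   2. a cert signed by that end-entity cert, standing in for a GSI proxy
# All names (Test SLCS CA, pauline, ...) are made up for the example.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Minimal OpenSSL config so the example does not depend on the system openssl.cnf.
write_config() {
    cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ee_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
EOF
}

# Self-signed CA: what the site would list in SSLCACertificateFile.
make_ca() {
    openssl req -x509 -config "$WORK/req.cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" -out "$WORK/ca.pem" \
        -subj "/CN=Test SLCS CA" -days 1 >/dev/null 2>&1
}

# CA-issued client cert with CA:FALSE, like a short-lived credential from an SLCS.
make_client_cert() {
    openssl req -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
        -keyout "$WORK/client.key" -out "$WORK/client.csr" -subj "/CN=pauline" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -extfile "$WORK/req.cnf" -extensions ee_ext \
        -out "$WORK/client.pem" -days 1 >/dev/null 2>&1
}

# Cert signed by the client cert itself: the shape of a MyProxy/GSI proxy.
make_proxy_cert() {
    openssl req -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
        -keyout "$WORK/proxy.key" -out "$WORK/proxy.csr" -subj "/CN=pauline/CN=proxy" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/proxy.csr" -CA "$WORK/client.pem" -CAkey "$WORK/client.key" \
        -CAcreateserial -out "$WORK/proxy.pem" -days 1 >/dev/null 2>&1
}

build_pki() { write_config; make_ca; make_client_cert; make_proxy_cert; }

# The same check mod_ssl performs under "SSLVerifyClient require": does the
# presented cert chain to a trusted CA? Exit status 0 means accepted.
client_cert_is_accepted() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/client.pem" >/dev/null 2>&1
}

# The proxy chains to the CA only through the client cert, which is not a CA,
# so default path validation rejects it even when that intermediate is supplied.
proxy_cert_is_accepted() {
    openssl verify -CAfile "$WORK/ca.pem" -untrusted "$WORK/client.pem" \
        "$WORK/proxy.pem" >/dev/null 2>&1
}

# Subject DN of the accepted cert, which mod_ssl exports to the webapp as
# SSL_CLIENT_S_DN; that string is what the application authorises on.
client_dn() {
    openssl x509 -in "$WORK/client.pem" -noout -subject -nameopt RFC2253
}

demo() {
    build_pki
    if client_cert_is_accepted; then
        echo "SLCS-style client cert: accepted, $(client_dn)"
    else
        echo "SLCS-style client cert: rejected"
    fi
    if proxy_cert_is_accepted; then
        echo "proxy cert: accepted"
    else
        echo "proxy cert: rejected (its issuer is an end-entity cert, not a CA)"
    fi
}

demo
```

The point for the Apache setup is that a plain `SSLVerifyClient require` with the SLCS CA in SSLCACertificateFile accepts the SLCS credential and rejects a proxy derived from it, because the proxy's issuer carries CA:FALSE. Accepting proxies at the web server would need explicit handling of proxy chains rather than the default check, and since a proxy chain is one certificate longer than the SLCS chain, SSLVerifyDepth would also have to cover it.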