...
- a simple PHP program showing the basic API and handshake, with the option to execute the same demonstrator code. The code additionally shows how to integrate with VOMS or how to specify a particular IdP at the WAYF.
- a simple Science Gateway allowing access to a gsiftp-enabled storage service (a test dCache instance, https://prometheus.desy.de/). This shows how X.509-based storage elements can be accessed using a science gateway, where authorization is based on VOMS attributes (group membership etc.).
Demonstrator workflows
Basic demo:
1. Select one of the login pages, e.g. run the VOMS demo to get a proxy certificate with VOMS attributes.
2. Choose your home IdP at the WAYF of the RCauth online CA.
3. Log in at your home IdP.
4. Give consent at the RCauth online CA for attribute release.
5a. The demo shows the returned OpenID Connect information and ...
5b. ... obtains a proxy, showing its information.
GSIFTP demo:
1. Read the information about the demonstrator and choose to log in either with or without VOMS attributes.
2. Choose your home IdP at the WAYF of the RCauth online CA.
3. Log in at your home IdP.
4. Give consent at the RCauth online CA for attribute release.
5. Choose to browse the remote dCache storage element (this only works once you have access to the rcdemo VO; drop us a line to request access).
6. Go to the VO home directory for rcdemo.
Components
- The RCauth.eu online CA is based on the CILogon software from the US-based CILogon project. A few adaptations had to be made to conform to European privacy regulations. The backend CA is based on a myproxy-server with an eToken as a simple HSM, plus some extra software to run the CA on a separate network.
- The Master Portal is also based on the same software, simultaneously implementing an OA4MP client and server plus the glue to connect the two. It has a backend myproxy-server for credential caching.
...