Hi Philip :)

Kershaw, Philip (STFC,RAL,SSTD) wrote:
> Hi all,
>
> I'm interested in all of this for securing a pyDAP based service. This looks to be what we want in terms of the steps for SSL based authentication:
>
> http://www.unidata.ucar.edu/projects/THREDDS/tech/reference/HTTPsecurityChallenge.html
>
> Although in our case, to enable single sign on we would like the authentication to be based on the client certificate so that we can support single sign on using MyProxy.

We're testing a setup using certificate authentication through Apache instead of using THREDDS or Tomcat, where authentication uses SLCS certificates directly (not proxy, or myproxy for that matter). How are you incorporating single sign on (assuming this means OpenID or Shibboleth) with client certificates? Or do you mean the MyProxy credentials *is* the SSO, and would unlock a certificate that will be used across multiple services (including stuff like GridFTP)?

> Have any of you done much in the way of authentication interoperability tests between different client and server implementations?

Nope... We're hoping to keep authentication to either the container or web server so then it would be independent of the underlying webapp. I'm hoping client certificates would *just work* on the standard HTTP clients for the C, Java and Python OPeNDAP client libraries (i.e. curl, httpClient and httplib2(?)). We should be doing some testing soon...

Cheers,
-Pauline.

--
Pauline Mak
Assistant Manager, ARCS Data Services
Ph: +61 3 6226 7518
Mob: +61 411 638 196
Email: pauline.mak@xxxxxxxxxxx
Jabber: pauline.mak@xxxxxxxxxxx
Calendar: http://tinyurl.com/pmak-arcs-calendar
http://www.arcs.org.au/

TPAC
Email: pauline.mak@xxxxxxxxxxx
http://www.tpac.org.au/
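
As an added example (not part of the original message, and not either poster's configuration), this is one way to express the approach discussed above with mod_ssl, mod_headers and mod_proxy: client-certificate authentication enforced in Apache, in front of the web application. The host name, file paths, backend address and the `X-Client-DN` header name are assumptions.

```apache
# Added example. All names, paths and addresses below are placeholders.
<VirtualHost *:443>
    ServerName data.example.org

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/data.example.org.pem
    SSLCertificateKeyFile /etc/pki/tls/private/data.example.org.key

    # CA bundle containing only the issuers whose client certificates
    # (for example the SLCS CA) should be accepted.
    SSLCACertificateFile  /etc/pki/tls/certs/client-issuers.pem

    # Require the certificate in the initial handshake for the whole
    # virtual host. Setting this per <Location> instead forces a second
    # negotiation after the request line is read, which some HTTP client
    # libraries do not handle.
    SSLVerifyClient require
    SSLVerifyDepth  2

    # Hand the verified subject DN to the backend. "set" replaces any
    # header of the same name sent by the client, so the value cannot be
    # supplied by the caller.
    RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN}s"

    # The web application (pyDAP, THREDDS, ...) listens on loopback only,
    # so every request it sees has passed the certificate check above.
    ProxyPass        "/" "http://127.0.0.1:8080/"
    ProxyPassReverse "/" "http://127.0.0.1:8080/"
</VirtualHost>
```

The backend must not be reachable except through this virtual host, otherwise a direct request could set `X-Client-DN` itself.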