Hi Pauline,

> How are you incorporating single sign on (assuming this means OpenID or
> Shibboleth) with client certificates? Or do you mean the MyProxy
> credentials *is* the SSO, and would unlock a certificate that will be
> used across multiple services (including stuff like GridFTP)?

Yes the latter. The client would make a call to MyProxy logon first to obtain a credential from their home IdP then submit this in their request over SSL to the OPeNDAP service. We also have OpenID based SSO for pyDAP. Our OpenID Provider uses username/password but could use a client cert too as I've seen done with MyOpenID.

> > Have any of you done much in the way of authentication
> > interoperability tests between different client and server
> > implementations?
>
> Nope... We're hoping to keep authentication to either the container or
> web server so then it would be independent of the underlying webapp.

We've followed the same approach overlaying the pyDAP web application with independent WSGI based security middleware.

> I'm hoping client certificates would *just work* on the standard HTTP
> clients for the C, Java and Python OPeNDAP client libraries (i.e. curl,
> httpClient and httplib2(?)). We should be doing some testing soon...

OK - would be interested to hear how you get on :) I did some initial tests with wget but I'm more concerned about compatibility with the other OPeNDAP client libraries.

Cheers,
Phil

--
Scanned by iCritical.
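The layering discussed in the message above (authentication kept outside the web application, in WSGI middleware in front of it), as an added example that is not part of the original message or of the pyDAP code base. It assumes a front-end server that verifies the client certificate and exports mod_ssl-style `SSL_CLIENT_VERIFY` and `SSL_CLIENT_S_DN` variables; `ClientCertAuthMiddleware`, `dataset_app`, `call` and the sample DN are hypothetical names and constructed values.

```python
# Assumption: the TLS-terminating server has already verified the chain and
# exported mod_ssl-style SSL_CLIENT_VERIFY / SSL_CLIENT_S_DN into the environ.
# Trust these keys only when that server, not the client, sets them.

class ClientCertAuthMiddleware:
    """Gate a WSGI app on a verified, authorised client certificate."""

    def __init__(self, app, authorised_dns):
        self.app = app
        self.authorised_dns = frozenset(authorised_dns)

    def __call__(self, environ, start_response):
        # Discard any identity set earlier; only the certificate counts here.
        environ.pop("REMOTE_USER", None)
        if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
            return self._deny(start_response, "verified client certificate required")
        dn = environ.get("SSL_CLIENT_S_DN", "")
        if dn not in self.authorised_dns:  # exact match; DN string format is server-specific
            return self._deny(start_response, "certificate subject not authorised")
        environ["REMOTE_USER"] = dn  # the wrapped app sees only the vetted identity
        return self.app(environ, start_response)

    @staticmethod
    def _deny(start_response, reason):
        body = (reason + "\n").encode("utf-8")
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]


def dataset_app(environ, start_response):
    """Hypothetical stand-in for the protected data service."""
    body = ("data for " + environ["REMOTE_USER"] + "\n").encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def call(app, environ):
    """Invoke a WSGI app with a constructed environ; return (status, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"] = status
    body = b"".join(app(dict(environ), start_response))
    return captured["status"], body


# Constructed sample subject DN, not a real identity.
SAMPLE_DN = "/O=Example/OU=Users/CN=constructed user"
protected = ClientCertAuthMiddleware(dataset_app, [SAMPLE_DN])
```

Because the check reads only the server-populated environ, the same middleware works regardless of which HTTP client library presented the certificate.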