Programmatically Logon to Dorian
Overview
Dorian is an account management system for the Grid. Dorian provides an integration point between external security domains and the grid, allowing accounts managed in external domains to be federated and managed in the grid. This allows users to use their organization-provided credentials, or the credentials they use every day, to "logon" to the Grid. Dorian also provides a built-in mechanism for issuing accounts to users who don't already have accounts somewhere else or who, for whatever reason, do not wish to leverage their existing accounts. This guide provides detailed instructions on how to use the Dorian Client Java API to log on to the Grid.
Technical Details
An Identity Provider (IdP) is a computer system that issues credentials to individual end users and also verifies that the issued credentials are valid. Dorian allows accounts issued by existing IdPs to be used to create and access an account in the Grid. This allows users to use their organization-provided credentials, or the credentials they use every day, to "logon" to the Grid. Dorian also provides its own IdP, which can be used in conjunction with other IdPs or by itself to issue accounts to users. In the context of Dorian, the role of the IdP is to (1) authenticate the user by validating the credentials it issued to the user and (2) issue proof to the user that they have successfully authenticated. This proof is represented by a SAML Assertion and is consumed by Dorian to create a grid account for the user and issue grid credentials to the user.
The caGrid/GAARDS Authentication Service provides a framework for issuing SAML assertions for existing credential providers such that they may be easily integrated with Dorian and other grid credential providers. The authentication service also provides a uniform authentication interface on which applications can be built. All Identity Providers integrated with Dorian, including the Dorian IdP, provide an implementation of the Authentication Service interface.
To programmatically log in to Dorian, one must use the AuthenticationService Client API to authenticate with an Identity Provider to obtain a SAML Assertion. Once the SAML Assertion is obtained, the Dorian Client API can be used to request a grid credential. The SAML Assertion will be accepted by Dorian ONLY IF the IdP that issued the assertion is registered with Dorian as a Trusted IdP. Below we show a code example that illustrates how to programmatically log on to the Grid. In the example, a username and password are used to authenticate to the built-in Dorian IdP. The code below obtains a Grid credential with a 12 hour lifetime.
try {
    // Create credential
    Credential cred = new Credential();
    BasicAuthenticationCredential bac = new BasicAuthenticationCredential();
    bac.setUserId("jdoe");
    bac.setPassword("changeme");
    cred.setBasicAuthenticationCredential(bac);

    // Authenticate to the IdP (DorianIdP) using credential
    AuthenticationClient authClient = new AuthenticationClient("https://localhost:8443/wsrf/services/cagrid/Dorian", cred);
    SAMLAssertion saml = authClient.authenticate();

    // Requested Grid Credential lifetime (12 hours)
    ProxyLifetime lifetime = new ProxyLifetime();
    lifetime.setHours(12);

    // Delegation Path Length
    int delegationLifetime = 0;

    // Request Grid Credential
    IFSUserClient dorian = new IFSUserClient("https://localhost:8443/wsrf/services/cagrid/Dorian");
    GlobusCredential proxy = dorian.createProxy(saml, lifetime, delegationLifetime);
} catch (Exception e) {
    e.printStackTrace();
}
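The Trusted IdP rule stated above (an assertion is accepted only if the IdP that issued it is registered as trusted), as an added, simplified Java model; it is not Dorian's code and not part of the original guide. It assumes that registration binds an IdP name to a public key and that the assertion is a plain signed string rather than signed SAML XML; the class, method and IdP names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HashMap;
import java.util.Map;

// Simplified model (assumption): only the trust decision is modelled here.
// A real SAML assertion is signed XML, not an issuer/subject string pair.
public class TrustedIdpCheck {
    /** Constructed stand-in for a SAML assertion: issuer, subject, RSA signature. */
    static final class Assertion {
        final String issuer, subject;
        final byte[] signature;
        Assertion(String issuer, String subject, PrivateKey signingKey) throws GeneralSecurityException {
            this.issuer = issuer;
            this.subject = subject;
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initSign(signingKey);
            s.update(payload());
            this.signature = s.sign();
        }
        byte[] payload() { return (issuer + "\n" + subject).getBytes(StandardCharsets.UTF_8); }
    }

    // Registry of trusted IdPs: issuer name -> key registered for that IdP (assumption).
    private final Map<String, PublicKey> trustedIdps = new HashMap<>();

    void register(String issuer, PublicKey key) { trustedIdps.put(issuer, key); }

    /** Accept only if the issuer is registered AND the signature verifies under its registered key. */
    boolean accept(Assertion a) throws GeneralSecurityException {
        PublicKey key = trustedIdps.get(a.issuer);
        if (key == null) return false;          // issuer not registered: reject
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(a.payload());
        return v.verify(a.signature);           // the issuer name alone is never sufficient
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair trustedIdp = gen.generateKeyPair(), otherIdp = gen.generateKeyPair();
        TrustedIdpCheck registry = new TrustedIdpCheck();
        registry.register("DorianIdP", trustedIdp.getPublic());
        // Constructed cases: registered IdP, unregistered IdP, trusted name with the wrong key
        System.out.println(registry.accept(new Assertion("DorianIdP", "jdoe", trustedIdp.getPrivate())));
        System.out.println(registry.accept(new Assertion("OtherIdP", "jdoe", otherIdp.getPrivate())));
        System.out.println(registry.accept(new Assertion("DorianIdP", "jdoe", otherIdp.getPrivate())));
    }
}
```

Only the first case is accepted: the second fails the registry lookup, and the third claims a registered issuer name but does not verify under that IdP's registered key.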





