From: Hasini Gunasinghe
Date: Mon, 13 Apr 2015 19:23:35 -0400
Subject: Re: Airavata User management
To: dev@airavata.apache.org

Hi Dimuthu,

Please find the answers inline.

On Mon, Apr 13, 2015 at 6:37 PM, DImuthu Upeksha wrote:

> Hi all,
>
> I have a few points to get clarified about user management in Airavata server
>
> 1. When I start the server there is an error log
>
> [ERROR] The Credential Store Server did not start!!!
>
> Where is this credential store? How should I configure it?

This has been answered in a previous thread. I am copying below the answer given by Chathuri in the thread "Resolving the issues in the Airavata server statup"

"Credential store thrift service is not starting by default. If you want to start credential store service, you need to configure it in airavata-server.properties. You will see the below set of properties under "Credential Store module Configuration" in airavata-server.properties

start.credential.store=false
credential.store.keystore.url=/Users/chathuri/dev/airavata/credential-store/oa4mp/airavata_sym.jks
credential.store.keystore.alias=airavata
credential.store.keystore.password=airavata
credential.store.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata
credential.store.jdbc.user=airavata
credential.store.jdbc.password=airavata
credential.store.jdbc.driver=org.apache.derby.jdbc.ClientDriver
credential.store.server.host=localhost
credential.store.server.port=8960
credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer
credential.store.thrift.server.keystore=/Users/chathuri/dev/airavata/credential-store/oa4mp/airavata.jks
credential.store.thrift.server.keystore.password=airavata

You need to make start.credential.store as true. You need to generate a symmetric key and specify that path for credential.store.keystore.url. Credential store thrift service is a secured TLS service. You need to generate a keystore file and specify the path and password in the properties credential.store.thrift.server.keystore, credential.store.thrift.server.keystore.password. If you specify all these properties, credential store will start as a secured thrift service."

> What is the usage of this credential store?

AFAIU, Credential store is used to store the credentials/tokens that are used by Airavata to authenticate to different grid servers. This paper is on Airavata Credential Store:
https://scholarworks.iu.edu/dspace/bitstream/handle/2022/17379/ccgrid_2014_credential_store.pdf?sequence=1

> 2. When I go through Airavata.Client API and client samples I could not
> see that there is an authentication mechanism for users who access it
> (Please correct me if there is a way). If so what is the use of a
> Credentials Store?

As mentioned before, credential store stores the tokens for Airavata to authenticate to grid servers, not the end-user credentials.

> 3. How is the user authorisation done in Airavata?

Currently, end users are not authenticated/authorized at the Airavata API. This https://issues.apache.org/jira/browse/AIRAVATA-1624 proposes a solution for that.

Thanks,
Hasini.

> Thanks
> Dimuthu
>
> --
> Regards
>
> W.Dimuthu Upeksha
> Undergraduate
> Department of Computer Science And Engineering
>
> University of Moratuwa, Sri Lanka
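Added example (not part of the original message and not Airavata code): a small Python audit of the credential-store properties quoted in the thread, flagging the settings that leave the service off or its secrets guessable before the store is enabled. The finding names and the rules for what counts as a finding are assumptions of this example; the property keys and sample values are the ones quoted above.

```python
import re

# Constructed sample: the security-relevant properties as quoted in the thread.
SAMPLE = """\
start.credential.store=false
credential.store.keystore.url=/Users/chathuri/dev/airavata/credential-store/oa4mp/airavata_sym.jks
credential.store.keystore.alias=airavata
credential.store.keystore.password=airavata
credential.store.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata
credential.store.jdbc.user=airavata
credential.store.jdbc.password=airavata
credential.store.thrift.server.keystore=/Users/chathuri/dev/airavata/credential-store/oa4mp/airavata.jks
credential.store.thrift.server.keystore.password=airavata
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a sorted list of finding codes (the rules are this example's own)."""
    findings = set()
    if props.get("start.credential.store", "false").lower() != "true":
        findings.add("service-disabled")
    for key in ("credential.store.keystore.url", "credential.store.thrift.server.keystore"):
        if not props.get(key):
            findings.add("missing:" + key)
    if re.search(r"[;?&]password=", props.get("credential.store.jdbc.url", ""), re.I):
        findings.add("password-in-jdbc-url")
    secrets = {k: v for k, v in props.items() if k.endswith(".password")}
    # Assumption: a secret equal to the key alias or the DB user counts as guessable.
    guessable = {props.get("credential.store.keystore.alias"), props.get("credential.store.jdbc.user")}
    for key, value in secrets.items():
        if not value or value in guessable:
            findings.add("guessable:" + key)
    if len(set(secrets.values())) < len(secrets):
        findings.add("password-reused")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print(finding)
```
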