John, I am 99% sure that they are not yet using any EMI STS for this. You can find details of the CERN authentication at https://espace.cern.ch/authentication/CERN%20Authentication/Home.aspx SSO for web services https://espace.cern.ch/authentication/default.aspx Enjoy! Dave ------------------------------------------------ Dr David Kelsey Particle Physics Department Rutherford Appleton Laboratory Chilton, DIDCOT, OX11 0QX, UK e-mail: [log in to unmask] Tel: [+44](0)1235 445746 (direct) Fax: [+44](0)1235 446733 ------------------------------------------------ > -----Original Message----- > From: Testbed Support for GridPP member institutes [mailto:TB- > [log in to unmask]] On Behalf Of John Kewley > Sent: 30 November 2012 14:02 > To: [log in to unmask] > Subject: Re: Mapping UK Certificates to CERN accounts > > BTW does anyone "in the know" know whether this is using the EMI STS > service? > > If not, Chris do you have a link to documentation for their shibboleth auth > service? > > Cheers > > JK > > > -----Original Message----- > > From: Testbed Support for GridPP member institutes [mailto:TB- > > [log in to unmask]] On Behalf Of Chris Brew > > Sent: Friday, November 30, 2012 2:00 PM > > To: [log in to unmask] > > Subject: Re: Mapping UK Certificates to CERN accounts > > > > Hi, > > > > As the originator of the thread I can confirm that it works if you tunnel to > > CERN (although I admit the logic behind restricting that page to just CERN > > does escape me). > > > > Once you've mapped you certificate it works fine with the shibboleth auth > > without the tunnel. > > > > Yours, > > Chris. > > > > > -----Original Message----- > > > From: Testbed Support for GridPP member institutes [mailto:TB- > > > [log in to unmask]] On Behalf Of John Kewley > > > Sent: 30 November 2012 13:57 > > > To: [log in to unmask] > > > Subject: Re: Mapping UK Certificates to CERN accounts > > > > > > As I recall the 2B one didn't have the same issue, but it sounds like from > > > other posters that it isn't a certificate issue this time round. > > > > > > Cheers > > > > > > JK > > > > > > > -----Original Message----- > > > > From: Testbed Support for GridPP member institutes [mailto:TB- > > > > [log in to unmask]] On Behalf Of John Gordon > > > > Sent: Friday, November 30, 2012 1:12 PM > > > > To: [log in to unmask] > > > > Subject: Re: Mapping UK Certificates to CERN accounts > > > > > > > > We've been round this loop a couple of times before. Jens knows the > > > > history best as he negotiated in the past and even gave a special > > version of > > > the UK Cert. > > > > > > > > - It is not as simple as them not supporting the 2B cert. > > > > - nothing to do with VOMS/VOMSRS > > > > > > > > The MS software used at CERN for the central authentication didn't > > > > like some attribute in the UK CA cert. It wasn't in the user cert as > > > > Jens gave them a specially signed version of the UK CA cert which > worked > > > and got things working for everyone. > > > > It may be a simple as Jens needing to do that again for the 2B cert. > > > > > > > > John > > > > > > > > -----Original Message----- > > > > From: Testbed Support for GridPP member institutes [mailto:TB- > > > > [log in to unmask]] On Behalf Of Andrew Elwell > > > > Sent: 30 November 2012 11:23 > > > > To: [log in to unmask] > > > > Subject: Re: Mapping UK Certificates to CERN accounts > > > > > > > > > So has someone submitted a ticket to CERN to open it ? (If not, I'll > > do it). > > > > > If we don't tell them, they'll never know there's a problem. > > > > > > > > not ticketed, but have mailed the person concerned - he's > > > > investigating > > > > -- > > > > Scanned by iCritical. > > > -- > > > Scanned by iCritical. -- Scanned by iCritical.