EGI Technical Forum

Gridcertlib - From Shibboleth authentication to X.509 certificates and Grid proxies

Not scheduled

Lyon Conference Centre

Poster

Speakers

Riccardo Murri (UZH/GC3) Sergio Maffioletti (UZH/GC3)

Description

GridCertLib is a Java library providing services to create a SLCS/X.509 certificate and a Grid proxy (optionally VOMS-enabled), given the SAML2 assertion resulting from a Shibboleth2 authentication. The library comes with some example servlets (cf. package ch.swing.gridcertlib.servlet) that provide sample code to use the GridCertLib features in a Java web services environment. The main use case envisioned for GridCertLib is to provide seamless and secure access to Grid/X.509 certificates and proxies in web portals: when a user logs in to the portal using the regular SWITCHaai Shibboleth authentication, GridCertLib can automatically obtain a Grid X.509 certificate from the SLCS service and generate a VOMS proxy from it. What is more, all of this can happen without further interaction with the user. The VOMS configuration is the same for all users of the portal in our current implementation, which is set to the “life” VO of the Swiss National Grid Infrastructure SMSCG. GridCertLib has already been successfully deployed and integrated into a Bioinformatics portal based on P-GRADE at ETH Zurich, and into a Django-based Computational Chemistry portal at the University of Zurich, proving the flexibility and re-usability of the library and its design.