Next: Log4j configuration file
Up: Authorization Manager configuration file
Previous: VOMS configuration
The third template, voms+gridmapConfig.xml.template, configures the
Authorization Manager to use both the VOMS extension of the client certificate
and the gridmap file as the default information sources for authorizing
client requests. The two sources are combined: the client is given all the
roles granted by the VOMS server plus all the roles granted by the gridmap
file.
It contains two policies:
- VOMS+GridmapPolicy: the default policy used to authorize incoming
requests. This policy contains two repositories, whose results are summed
together, and one translation. The first repository processes the VOMS
extension of the client certificate and extracts all the roles associated with
the client. The second repository processes the gridmap file to add any role
associated with the client DN. The translation section uses the information
stored in a file (with a gridmap-like syntax) to map the authorized roles to
local-ID values.
For the first repository, the pathname of the directory containing the VOMS
signer certificates is specified in the vomsdir parameter: substitute
@VOMS.SIGNER.DIRECTORY@ with the name of this directory. The reload frequency
(in seconds) of the VOMS signer certificates is specified in the
refreshperiod parameter; the default value is '600'. All VOMS signer
certificates in the directory are accepted, as specified by the filter
parameter.
For the second repository, the pathname of the gridmap file is specified in
the <filename> parameter: substitute @GRIDMAP.FILE.LOCATION@ with the
name of this file. The reload frequency (in seconds) of the gridmap file is
specified in the <refreshperiod> parameter; the default value is '-1'.
For the translation section, the pathname of the translation file is specified
in the <filename> parameter: substitute @TRANSLATION.FILE.LOCATION@
with the name of this file. The reload frequency (in seconds) of the
translation file is specified in the <refreshperiod> parameter; the
default value is '-1'.
- adminPolicy: the policy used to authorize requests addressed to the
Administration GUI. A static table stores the DNs of the administrators.
Substitute the parameter @ADMINISTRATOR.DN@ with the DN of the administrator.
Replicate the entry
<param key="@ADMINISTRATOR.DN@" value="Administrator" /> for the
DN of each subject who is an administrator of the Authorization Manager.
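The substitutions described above can be scripted so that no @...@ token is left behind and each administrator DN is XML-escaped before it lands in the key attribute. This is an added example, not part of the original documentation or the project's own tooling; the template fragment, its element layout, the sample paths and DNs, and the function names are all constructed assumptions.

```python
import re
from xml.sax.saxutils import escape

# Constructed stand-in for voms+gridmapConfig.xml.template. Only the @...@
# tokens and the administrator <param> entry come from the page; the rest of
# the layout is assumed for illustration.
SAMPLE_TEMPLATE = """\
<!-- constructed fragment; element layout is assumed -->
<param key="vomsdir" value="@VOMS.SIGNER.DIRECTORY@" />
<filename>@GRIDMAP.FILE.LOCATION@</filename>
<filename>@TRANSLATION.FILE.LOCATION@</filename>
<param key="@ADMINISTRATOR.DN@" value="Administrator" />
"""

ADMIN_TOKEN = "@ADMINISTRATOR.DN@"
PLACEHOLDER = re.compile(r"@[A-Z]+(?:\.[A-Z]+)+@")


def xml_safe(value):
    """Escape &, <, > and double quotes so a value cannot break the XML."""
    return escape(value, {'"': "&quot;"})


def fill_template(template, paths, admin_dns):
    """Substitute every placeholder; replicate the admin entry once per DN."""
    if not admin_dns:
        raise ValueError("at least one administrator DN is required")
    out = []
    for line in template.splitlines():
        # A line carrying the admin token is emitted once for each DN.
        for dn in (admin_dns if ADMIN_TOKEN in line else [None]):
            def repl(match, dn=dn):
                token = match.group(0)
                if token == ADMIN_TOKEN:
                    return xml_safe(dn)
                if token not in paths:
                    # Refuse to write a config with a raw placeholder in it.
                    raise ValueError(f"no value for placeholder {token}")
                return xml_safe(paths[token])
            out.append(PLACEHOLDER.sub(repl, line))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    sample_paths = {  # constructed sample locations
        "@VOMS.SIGNER.DIRECTORY@": "/etc/grid-security/vomsdir",
        "@GRIDMAP.FILE.LOCATION@": "/etc/grid-security/grid-mapfile",
        "@TRANSLATION.FILE.LOCATION@": "/etc/authz/translation-file",
    }
    print(fill_template(SAMPLE_TEMPLATE, sample_paths,
                        ["/C=IT/O=Example/CN=Alice Admin"]))
```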
2004-07-02