[Go-essp-tech] [ESG-CET] Gateway 1.3.0 release production registry file
Cinquini, Luca (3880)
Luca.Cinquini at jpl.nasa.gov
Thu Jun 16 18:31:28 MDT 2011
Hi Nathan,
I upgraded the JPL gateway to RC4 and I can now SSO to esg.prototype.ucar.edu.
Could you give it a try ?
thanks, Luca
On Jun 16, 2011, at 3:17 PM, Nathan Hook wrote:
> Hi Luca,
>
> There are a couple issues causing the login issues between the jpl and
> ncar gateway:
>
> First, the jpl gateway does not seem to be running the latest RC version
> of the Gateway. From the footer on the jpl site:
> Gateway Portal Software version: 1.3.0-RC2-20110505-170449
>
> Currently we should be testing RC4. RC2 and RC4 are incompatible for
> openid logins because of an upgrade to openid4java that now signs
> attributes. Please see the following jira ticket:
> https://vets.development.ucar.edu/jira/browse/GTWY-2379
>
>
> Second, the esg-truststore.ts truststore contains two entries for
> esg-gateway.jpl.nasa.gov and the expired certificate appears before the
> new valid certificate.
> https://rainbow.llnl.gov/dist/certs/esg-truststore.ts
>
>
> Once the esg-truststore.ts file is updated properly we will update our
> prototype truststores and test again.
>
>
> Regards,
>
> Nathan
>
>
> FYI, the ssl provider picked for jpl (RapidSSL) does not seem to be
> trusted by the default java truststore (cacerts or jssecacerts), which
> in the future could potentially cause debugging issues for external java
> clients accessing your site. If this is a known issue please disregard.
>
>
>
>
> On 6/16/2011 6:52 AM, Cinquini, Luca (3880) wrote:
>> Hi Nate,
>> I updated to the latest version of the federation registry but I still cannot log in into the esg.prototype.ucar.edu site with a JPL openid. Are you using the latest ESG truststore ? The old one had an expired JPL certificate.
>> thanks, Luca
>>
>> On Jun 15, 2011, at 10:31 PM, Nathan Wilhelmi wrote:
>>
>>> Hi Luca,
>>>
>>> I believe the production openid provider value was wrong, I corrected in
>>> both the production and test registry files. It has been updated on our
>>> staging instance as well.
>>>
>>> Thanks!
>>> -Nate
>>>
>>> On 06/15/2011 09:31 AM, Cinquini, Luca (3880) wrote:
>>>> Hi Nate,
>>>> I installed this file on the JPL production gateway, and then tried to use a JPL openid (https://esg-gateway.jpl.nasa.gov/myopenid/cinquiniluca) at this site:
>>>>
>>>> http://esg.prototype.ucar.edu/home.htm
>>>>
>>>> but it says "invalid openid" - does this site use the updated gateway registry ?
>>>>
>>>> You could also try the opposite - use a test NCAR openid to log onto the esg-gateway.jpl.nasa.gov site.
>>>>
>>>> thanks, Luca
>>>>
>>>>
>>>> On Jun 14, 2011, at 9:08 PM, Nathan Wilhelmi wrote:
>>>>
>>>>> Hi Luca,
>>>>>
>>>>> I added the production JPL openid provider to the test registry file:
>>>>> https://vets.development.ucar.edu/registry/federation-registry-m2.xml
>>>>>
>>>>> This has been reharvested by the gateway if you want to give it a try.
>>>>>
>>>>> Thanks!
>>>>> -Nate
>>>>>
>>>>> On 06/14/2011 05:17 AM, Cinquini, Luca (3880) wrote:
>>>>>> It seems to be behind a firewall ?
>>>>>> Luca
>>>>>>
>>>>>> On Jun 13, 2011, at 9:44 PM, Nathan Wilhelmi wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Per the last go-essp call I have put together a production registry
>>>>>>> document based on the information that I know. If you have a gateway in
>>>>>>> the production federation could you please review for accuracy.
>>>>>>>
>>>>>>> https://vets.development.ucar.edu/registry/federation-registry-production.xml
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> -Nate
>>>>>>> _______________________________________________
>>>>>>> ESG-CET mailing list
>>>>>>> ESG-CET at earthsystemgrid.org
>>>>>>> http://mailman.ucar.edu/mailman/listinfo/esg-cet
>>>
>>
>> _______________________________________________
>> ESG-CET mailing list
>> ESG-CET at earthsystemgrid.org
>> http://mailman.ucar.edu/mailman/listinfo/esg-cet
>
More information about the GO-ESSP-TECH
mailing list