[Gt-eos] how to handle security issues

Frank Scheiner scheiner at hlrs.de
Thu May 23 14:49:27 CEST 2019 

On 5/23/19 14:20, Mischa Salle wrote:
> On Thu, May 23, 2019 at 02:08:07PM +0200, Frank Scheiner wrote:
>>> I have a EGI sso account, and it us linked with that. You should be able
>>> to create one yourself, via https://sso.egi.eu/admin/
>>
>> I think I have such an account also, since the gt-eos list was started. I
>> have to check how this can be linked. Thanks for the pointer.
> 
> Indeed you have:
>   https://sso.egi.eu/admin/userDetail/fs
> (found you via https://sso.egi.eu/admin/groupView/gt-eos-authors)
> Did it popup a certificate choosing box?

Yeah, that worked, too. I maybe should have authenticated the same way 
on the mailing list interface, but I ignored that popup request as I 
didn't recall that I had the SSO account. My web browser remembers this 
until a restart and the popup won't reappear until then. So I have to 
recheck.

> That might be the trick. Also
> noting that TCS puts my email in my certificate. Otherwise we'll have to
> ask for help, you could put it in the GGUS ticket, if you have access
> there.
> 
>>> See also https://www.egi.eu/intranet/
>>> You can then also use a (IGTF) certificate from your browser by the way.
>>> Once that's done, we probably have to add your account as admin or it
>>> will just recognise your emailaddress.
>>
>> I think the latter is already in place, as I received all four subscription
>> requests:
> Ah, no I meant, that perhaps it authorises people based on the matching
> of the emailaddress from the admin with the email in SSO, (which are
> already the same for you).

I see.

> Can you see if you have a certificate with the right DN?
> You can use e.g. https://www.eugridpma.org/your-identity/

Yes, I can confirm., that the DN of the used certificate in my web 
browser is identical to the one used for the SSO account.

Cheers,
Frank

-- 
Frank Scheiner

High Performance Computing Center Stuttgart (HLRS)
Department Project User Management & Accounting

Email: scheiner at hlrs.de
Phone: +49 711 685 68039

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2293 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.egi.eu/pipermail/discuss/attachments/20190523/160835f2/attachment.p7s>

More information about the discuss mailing list