perfSONAR User Q&A and Other Discussion

["Niederberger, Ralph" <>]

Dear Nina,

As I said, the perfsonarUI client connects to the identity provider and this
seems to work fine. After getting the security token, he connects to the
sqlma server and provides his security token, this seems to work fine also.
Then the sqlma server tries to verify the security token he got from the
perfsonarUI client, to check if the client is allowed to get information.
Therefore the sqlma connects to the AS services (I had configured sqlma
before, to use an AS service). And here the problem seems to be located
currently. With wireshark I see that sqlma connects to the AS services, as
he should do because of configuration, but it gets back the message that the
AS is not available. 

But I can check with the perfsonarUI using the "playground page" of
perfsonarUI (as described in perfSONAR MDM 3.2 Administrator's Guide page
26-28), that the AS is available and working (To be clear, this test is
independend from my sqlma request I described earlier).   

Best regards

Ralph

> -----Ursprüngliche Nachricht-----
> Von: Nina Jeliazkova 
> [mailto:]
> Gesendet: Donnerstag, 22. Oktober 2009 09:21
> An: Niederberger, Ralph
> Cc: 
> 
> Betreff: Re: [perfsonar-user] Problems with Authentication within
> perfsonar
> 
> Dear Ralph,
> 
> Niederberger, Ralph wrote:
> > Dear Nina, Candido and all,
> >
> > I did a further step by step analysis.
> >
> > My perfsonarUI connects to redIRIS and though getting this
> > "HLPattern type not defined" error seems to work, since the client works
> > different when specifying legal or wrong (illegal) UID PWD combination.
> >
> > When providing correct information, my the perfsonarUI client connects
> to my
> > sqlma server. The server the connects to the authentication service
(AS).
> >
> > With wireshark I can see that the SQLMA connect to the AS specifying a
> > security token with the "HTTP/XML POST /perfSONAR-
> AS/services/AuthService
> > HTTP/1.0" message.
> >
> > The response from the AS is "HTTP/1.1 404 Not Found (text/html)".
> >
> > The full response is:
> >
> > ====================================
> > HTTP/1.1 404 Not Found
> > Server: Apache-Coyote/1.1
> > Content-Type: text/html;charset=utf-8
> > Content-Length: 1054
> > Date: Thu, 22 Oct 2009 06:26:27 GMT
> > Connection: close
> >
> > <html>
> > <head><title>Apache Tomcat/6.0.18 - Error report</title>
> >   <style>
> >   <!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;
> >   background-color:#525D76;font-size:22px;}
> >   H2 {font-family:Tahoma,Arial,sans-serif;color:white;
> >       background-color:#525D76;font-size:16px;}
> >   H3 {font-family:Tahoma,Arial,sans-serif;color:white;
> >       background-color:#525D76;font-size:14px;}
> >   BODY {font-family:Tahoma,Arial,sans-serif;color:black;
> >       background-color:white;}
> >    B {font-family:Tahoma,Arial,sans-serif;color:white;
> >       background-color:#525D76;}
> >    P {font-family:Tahoma,Arial,sans-serif;
> >       background:white;color:black;font-size:12px;}
> >    A {color : black;}A.name {color : black;}
> >    HR {color : #525D76;}--></style>
> > </head>
> > <body>
> >    <h1>HTTP Status 404 - /perfSONAR-AS/services/AuthService</h1>
> >    <HR size="1" noshade="noshade">
> >    <p><b>type</b> Status report</p>
> >    <p><b>message</b>
> >      <u>/perfSONAR-AS/services/AuthService</u>
> >    </p>
> >    <p><b>description</b>
> >      <u>The requested resource (/perfSONAR-AS/services/AuthService)
> >         is not available.</u>
> >    </p>
> >    <HR size="1" noshade="noshade">
> >    <h3>Apache Tomcat/6.0.18</h3>
> >   </body>
> > </html>
> > =======================================
> >
> > This message implies that the Authentication service is not available,
> > though I did "Testing Your Deployment" as specified in the perfSONAR MDM
> 3.2
> > Administrator's Guide on pages 19-28.
> >
> > So my question is: Why does the AS tell my SQLMA that there is no
> > authentication service available, though he gives back to my perfsonarUI
> > client by using the "playground page" correct information?
> >
> >
> Just to clarify, PerfsonarUI communicates with an identity provider to
> authenticate you, not with particular AS service.  I understand this
> works fine.
> 
> If you are able to retrieve information from the MA service without
> authentication (via playground or another client), this indeed means
> your sqlma service is not configured to use an AS.
> 
> Best regards,
> Nina
> > Any help is very appreciated. Thanks a lot in advance
> >
> > Ralph
> >

Attachment: smime.p7s
Description: S/MIME cryptographic signature