DataONEorg / rdataone

R package for reading and writing data at DataONE data repositories
http://doi.org/10.5063/F1M61H5X

function to facilitate the cilogon dataone authentication? #52

Open cboettig opened 9 years ago

cboettig commented 9 years ago

It would be nice if the package could handle more of the technical steps in the login process to avoid the dance with browser forms and javaws. Instead of selecting an associated URL at https://cilogon.org/?skin=DataONE one might have an R function that takes this as an argument (defaulting to something sensible such as Google), opens the browser to confirm authentication, and then automatically handles the download of the certificate.

I don't quite follow the example here, but it looks like cilogon supports more programmatic authentication: http://www.cilogon.org/enabled , showing a python script that writes the credential into /tmp.

I took a look at least submitting the form from R through rvest::submit_form (docs), but the form at cilogon was a bit too obtuse for me to figure out from the raw html-form information; probably this isn't the best way to go.

mbjones commented 9 years ago

@cboettig That looks promising -- seems like new functionality I wasn't aware of. I'll look into it and ask @leinfelder how it relates to our work on an OAuth portal. This might be a really good enhancement for the CLI logins. Thanks.

cboettig commented 9 years ago

@mbjones Thanks. Yeah, I had a tough time following the documentation but it really does look like we should be able to do the standard OAuth 1.0 authentication for CILogon in order to get our certificate (e.g. http://www.cilogon.org/portal-delegation). Not sure if it will still mean running the javaws stuff or not, but from those examples it looks like we should be able to bypass it.

Did a little EML demo for the Davis R-users group today and the KNB seemed like a real highlight; even though I couldn't demo publishing to KNB directly due to auth being impossible to execute from within the containerized RStudio-server instance I had boxed people into.

leinfelder commented 9 years ago

Hadn't seen this before. Seems feasible to write into the client the steps they outlined at the bottom of the page:

• Generate a 2048-bit RSA private key.
• Create a PEM-encoded PKCS10 certificate request containing the corresponding RSA public key.
• Submit an HTTP POST request to https://cilogon.org//gridshib-ca//GridShibCA.cgi containing the certificate request and the Activation Code.
• Read the response to the HTTP POST containing the PEM-encoded signed X.509 certificate.

Just have to have the user enter their activation code. It's still not great since it involves the browser, but maybe that's better than nothing and has fewer barriers than the ECP route.

-ben

On Jan 30, 2015, at 3:05 PM, Carl Boettiger notifications@github.com wrote:

@mbjones Thanks. Yeah, I had a tough time following the documentation but it really does look like we should be able to do the standard OAuth 1.0 authentication for CILogon in order to get our certificate (e.g. http://www.cilogon.org/portal-delegation). Not sure if it will still mean running the javaws stuff or not, but from those examples it looks like we should be able to bypass it.

Did a little EML demo for the Davis R-users group today and the KNB seemed like a real highlight; even though I couldn't demo publishing to KNB directly due to auth being impossible to execute from within the containerized RStudio-server instance I had boxed people into.

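The local steps of the procedure listed in the comment above (key, PKCS10 request) and a check on the certificate that comes back, as an added example that is not part of the thread or of rdataone. The POST itself is left out because its form field names are not given here; the function names, file names and placeholder subject are assumptions, and the CA response is simulated by self-signing the request.

```bash
#!/usr/bin/env bash
# Added example (not rdataone or CILogon code): the local steps of the
# certificate request, plus a check on the certificate that comes back.

# Steps 1-2: 2048-bit RSA key and PEM-encoded PKCS#10 request in directory $1.
# The subject is a placeholder (assumption: the CA assigns the real DN).
make_request() {
  (
    umask 077   # private key readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=placeholder" \
      -keyout "$1/userkey.pem" -out "$1/certreq.pem" 2>/dev/null
  )
}

# Step 4 check: accept the returned file only if it parses as an X.509
# certificate and carries the public key of the private key generated above.
cert_matches_key() {   # $1 = certificate PEM, $2 = private key PEM
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed stand-in for the CA response so the check runs offline:
# the request is self-signed here instead of being POSTed (step 3).
fake_ca_response() {   # $1 = directory holding userkey.pem and certreq.pem
  openssl x509 -req -in "$1/certreq.pem" -signkey "$1/userkey.pem" \
    -days 1 -out "$1/usercert.pem" 2>/dev/null
}

demo() {
  local d
  d=$(mktemp -d)
  make_request "$d" && fake_ca_response "$d" &&
    cert_matches_key "$d/usercert.pem" "$d/userkey.pem" &&
    echo "certificate matches key"
  rm -rf "$d"
}
demo
```

Comparing the public keys before storing the certificate catches a response that is an error page or a certificate issued for a different key.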

mbjones commented 9 years ago

We're moving towards use of an OAuth style token in DataONE V2. Implementation will be tracked in issue #62.