dCache / xrootd4j

Implementation of the xrootd data access protocol in Java

xrootd4j: require TLS for SciToken authz #121

Closed alrossi closed 2 years ago

alrossi commented 2 years ago

Motivation:

As a defensive measure, the server should enforce TLS when token authentication and authorization are used, rejecting any tokens passed if TLS has not been established.

The ZTN authentication module already does this, but we neglected to include a similar check for the SciToken authorization module.

Modification:

Add the check.

Result:

SciToken authorization without TLS should fail.

Target: master
Request: 4.2
Request: 4.1
Request: 4.0
Patch: https://rb.dcache.org/r/13499/
Requires-notes: no
Requires-book: no
Acked-by: Lea

alrossi commented 2 years ago

Note: no pull request for 4.0 as xrootd4j 4.0 does not contain the code for these modules
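
The kind of guard the commit message describes, sketched as an added example; it is not code from this pull request or from xrootd4j. It assumes a Netty channel pipeline in which TLS is provided by Netty's `SslHandler`; the class `TokenTlsGuard`, its methods and `TlsRequiredException` are hypothetical names.

```java
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.ssl.SslHandler;

/**
 * Hypothetical guard (not xrootd4j code): refuses to hand a bearer token
 * to the authorization logic unless the connection is protected by TLS.
 */
public final class TokenTlsGuard {

    /** Raised when a token arrives on a channel without established TLS. */
    public static final class TlsRequiredException extends Exception {
        public TlsRequiredException(String message) {
            super(message);
        }
    }

    private TokenTlsGuard() {
    }

    /**
     * An SslHandler that is merely installed is not enough: until its
     * handshake has completed successfully, bytes on the channel are not
     * protected. Both conditions are therefore required.
     */
    public static boolean isTlsEstablished(ChannelHandlerContext ctx) {
        SslHandler ssl = ctx.pipeline().get(SslHandler.class);
        return ssl != null && ssl.handshakeFuture().isSuccess();
    }

    /**
     * Call this before the token is parsed, validated or logged, so that a
     * token received in the clear is never treated as a usable credential.
     * Returns the token unchanged when TLS is established.
     */
    public static String requireTls(ChannelHandlerContext ctx, String token)
            throws TlsRequiredException {
        if (!isTlsEstablished(ctx)) {
            // Keep the token value out of the message: exception text
            // usually ends up in server logs.
            throw new TlsRequiredException(
                    "token authorization requires TLS on this connection");
        }
        return token;
    }
}
```

A token rejected this way has already crossed the network unencrypted, so the rejection protects the server's authorization decision, not the token itself; the client side needs its own rule against sending tokens before TLS is up.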