wrong GLOBUS_MYPROXY_AUTHORIZED_DN value generated in gsi-authz.conf when "[Security].CILogonIdentityProvider = University of Notre Dame" is set in gcs.conf #18
Initially reported from and reproduced on GCS-4.0.50 RHEL7 systems.
gsi-authz.conf gets generated with GLOBUS_MYPROXY_AUTHORIZED_DN="/DC=org/DC=cilogon/C=US/C=US/O=University of Notre Dame" when "[Security].CILogonIdentityProvider = University of Notre Dame" is set in gcs.conf:
# cat /var/lib/globus-connect-server/gsi-authz.conf
|globus_mapping libglobus_gridmap_eppn_callout globus_gridmap_eppn_callout ENV:GLOBUS_MYPROXY_CA_CERT=/var/lib/globus-connect-server/grid-security/certificates/c2868627.0 GLOBUS_MYPROXY_AUTHORIZED_DN="/DC=org/DC=cilogon/C=US/C=US/O=University of Notre Dame"
|globus_mapping libglobus_gridmap_eppn_callout globus_gridmap_eppn_callout ENV:GLOBUS_MYPROXY_CA_CERT=/var/lib/globus-connect-server/grid-security/certificates/01b5d333.0 GLOBUS_MYPROXY_AUTHORIZED_DN="/DC=org/DC=cilogon/C=US/C=US/O=University of Notre Dame"
Note "/C=US/C=US/" rather than "/C=US/".
Issue prevented users from being able to access endpoint using their CILogon credentials. Fixing the DN value resolved the issue.
This does not happen when "[Security].CILogonIdentityProvider = University of Chicago" is set in gcs.conf:
# cat /var/lib/globus-connect-server/gsi-authz.conf
|globus_mapping libglobus_gridmap_eppn_callout globus_gridmap_eppn_callout ENV:GLOBUS_MYPROXY_CA_CERT=/var/lib/globus-connect-server/grid-security/certificates/c2868627.0 GLOBUS_MYPROXY_AUTHORIZED_DN="/DC=org/DC=cilogon/C=US/O=University of Chicago"
|globus_mapping libglobus_gridmap_eppn_callout globus_gridmap_eppn_callout ENV:GLOBUS_MYPROXY_CA_CERT=/var/lib/globus-connect-server/grid-security/certificates/01b5d333.0 GLOBUS_MYPROXY_AUTHORIZED_DN="/DC=org/DC=cilogon/C=US/O=University of Chicago"
see https://globusonline.zendesk.com/agent/tickets/344865
Initially reported from and reproduced on GCS-4.0.50 RHEL7 systems.
gsi-authz.conf gets generated with GLOBUS_MYPROXY_AUTHORIZED_DN="/DC=org/DC=cilogon/C=US/C=US/O=University of Notre Dame" when "[Security].CILogonIdentityProvider = University of Notre Dame" is set in gcs.conf:
Note "/C=US/C=US/" rather than "/C=US/".
Issue prevented users from being able to access endpoint using their CILogon credentials. Fixing the DN value resolved the issue.
This does not happen when "[Security].CILogonIdentityProvider = University of Chicago" is set in gcs.conf: