jacquayj / GoRODS

Golang binding for iRODS C API: An iRODS client library written in Golang + C
https://godoc.org/github.com/jjacquay712/GoRODS
BSD 3-Clause "New" or "Revised" License

Are authentication plugins supported? #30

Closed RubenGarcia closed 4 years ago

RubenGarcia commented 4 years ago

I was trying to use the openid plugin from https://github.com/irods-contrib/irods_auth_plugin_openid

but I'm getting a totally different input from command line iinit and from gorods's iinit. With command line, I get 8 copies of

NOTICE: created irodsHome=/tempZone/home/rods
NOTICE: created irodsCwd=/tempZone/home/rods

and then

entering openid_auth_client_start
openid_auth_client_start,_context_string: provider=keycloak_openid
NOTICE: using provided context string
NOTICE: attempting to update context from client
client using provider: keycloak_openid
entering read_sess_file
entering sess_filename()
calling getRodsEnvAuthFileName()
trying to call getenv(HOME)
HOME: /root

after some further messages, I get a URL to log in.

However, from gorods, I'm getting only 4 copies of

NOTICE: created irodsHome=/tempZone/home/rods
NOTICE: created irodsCwd=/tempZone/home/rods

followed by

rcAuthResponse failed with error -826000 CAT_INVALID_AUTHENTICATION
ERROR: 2019/09/23 11:56:53 /root/go/src/code.it4i.cz/lexis/wp8/dataset-management-interface/server/main.go:127 Error initializing irods client: 2019-09-23 11:56:53.237681954 +0000 UTC m=+0.131362935: Fatal - iRODS Connect Failed: clientLoginWithPassword error, invalid password? CAT_INVALID_AUTHENTICATION
... Exiting

This is a similar output to what I get from the command line when I remove "irods_authentication_scheme": "openid", from the .irods/irods_environment.json.

The documentation seems to indicate that plugins are supported, though.

Can you confirm if authentication plugins (and specifically the openid plugin) should theoretically work with gorods? Or are deep changes in the gorods source code needed?

RubenGarcia commented 4 years ago

I found in connection.go, line 414

if con.Options.AuthType == 0 {
   con.Options.AuthType = PasswordAuth // Options: PasswordAuth PAMAuth
}

I was expecting here the possibility that AuthType is an auth plugin, but I may have misunderstood the workflow.

RubenGarcia commented 4 years ago

I am calling

client, conErr := gorods.New(gorods.ConnectionOptions{
   Type: gorods.EnvironmentDefined,
})

so that gorods is aware of the extra configuration in irods_environment.json

RubenGarcia commented 4 years ago

Also, in connection.go, line 277

type ConnectionOptions struct { ... }

I expected to see the other parameters which can be added to irods_environment.json, in particular "irods_authentication_scheme" and "irods_plugins_home". Is there an alternative way to pass these using gorods.UserDefined?

jjacquay712 commented 4 years ago

@RubenGarcia Currently GoRODS only supports PAM and plain-text password based authentication.

When creating a connection with EnvironmentDefined specified:

client, conErr := gorods.New(gorods.ConnectionOptions{
   Type: gorods.EnvironmentDefined,
})

host, port, username, and zone are pulled from the irods_environment.json config file. You must still specify a plain-text password or PAM token when using EnvironmentDefined.
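
A pre-flight check for the situation in this thread, as an added example that is not part of the original comments or of GoRODS: it reads irods_environment.json and refuses to continue when irods_authentication_scheme names a scheme other than password or PAM, instead of letting the connection fall through to a password login and fail with CAT_INVALID_AUTHENTICATION. CheckAuthScheme, the sample file contents, and the mapping of the "native" and "pam" scheme names to PasswordAuth and PAMAuth are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample of ~/.irods/irods_environment.json using the openid scheme
// from the issue. Host name is a placeholder.
const sampleEnv = `{
  "irods_host": "irods.example.org",
  "irods_port": 1247,
  "irods_user_name": "rods",
  "irods_zone_name": "tempZone",
  "irods_authentication_scheme": "openid"
}`

// Assumption: scheme names in the environment file mapped to the two
// authentication modes the maintainer says GoRODS supports.
var supportedSchemes = map[string]string{"native": "PasswordAuth", "pam": "PAMAuth"}

// CheckAuthScheme (hypothetical helper) returns the GoRODS auth mode matching the
// configured scheme, or an error when the file requests a scheme that would be ignored.
func CheckAuthScheme(envJSON []byte) (string, error) {
	var env struct {
		AuthScheme string `json:"irods_authentication_scheme"`
	}
	if err := json.Unmarshal(envJSON, &env); err != nil {
		return "", fmt.Errorf("parse irods_environment.json: %w", err)
	}
	scheme := strings.ToLower(env.AuthScheme)
	if scheme == "" {
		scheme = "native" // iRODS falls back to native auth when the key is absent
	}
	mode, ok := supportedSchemes[scheme]
	if !ok {
		return "", fmt.Errorf("auth scheme %q is configured but unsupported; refusing password fallback", scheme)
	}
	return mode, nil
}

func main() {
	if _, err := CheckAuthScheme([]byte(sampleEnv)); err != nil {
		fmt.Println("refusing to connect:", err)
	}
}
```

Running the check before gorods.New turns a misleading "invalid password?" failure into an explicit configuration error.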

jjacquay712 commented 4 years ago

See #32