Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Authorization testing

41 views
Skip to first unread message

Chris Woelkers - NOAA Federal

unread,
Jul 27, 2023, 5:36:37 PM7/27/23
to Discuss
I'm testing Globus for our organization. The endpoint and gateway are set up and both can be seen within my Globus account. I've also set up three collections that would eventually be accessed by users for access testing. This is where the issue lies with Authentication Required errors when attempting to view any of the collections in the File Manager.
Here is the identity mapping file I came up with to map the usernames on the local system, which is backed by Centrify for AD users. The AD username I'm testing with has logged into the local system and has a shell and home directory.
Here is the identity mapping JSON file I came up with, based on the one in the documentation.
{
  "DATA_TYPE": "expression_identity_mapping#1.0.0",
  "mappings": [
    {
      "source": "{username}",
      "match": "(.+?)\\.(.*)@noaa\\.gov@accounts\\.google\\.com",
      "output": "{1}"
    }
  ]
}
And here is an example of the account identity, which should equal the username, that I'm testing with: firstname...@noaa.gov@accounts.google.com
The regex should match properly and pass on the 2nd group, the (.*) portion. Testing it in an online regex tester did verify the proper match.
Based on what I am reading in the Identity Mapping Guide reference, https://docs.globus.org/globus-connect-server/v5.4/identity-mapping-guide/#expression_reference, this should be correct.

I would like to include more details but am very new to Globus, but very experienced in Linux, and do not yet know how to get these details.

Chris

Karl Kornel

unread,
Jul 27, 2023, 6:01:08 PM7/27/23
to Chris Woelkers - NOAA Federal, Discuss

Hi Chris,

 

When you try to access a path in the File Manager, and you get an Authentication Error, what information do you see when you select “Show Details”?

 

~ Karl

 

--
You received this message because you are subscribed to the Google Groups "Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@globus.org.

Chris Woelkers - NOAA Federal

unread,
Jul 28, 2023, 8:17:10 AM7/28/23
to Karl Kornel, Discuss
Karl,

I get "Missing required data_access consent" under Show Details.

Thanks,

Chris Woelkers
IT Specialist
National Oceanic and Atmospheric Administration
Great Lakes Environmental Research Laboratory
4840 S State Rd | Ann Arbor, MI 48108
Office: 734-741-2446
Voice: 734-219-3815

Joe Bester

unread,
Jul 28, 2023, 8:21:05 AM7/28/23
to Chris Woelkers - NOAA Federal, Discuss
The + operator is not part of the expression language. See https://docs.globus.org/globus-connect-server/v5/identity-mapping-guide/#match-expressions for the details of that.

I think you should be able to replace the (.+?) with (.*) to get things working.

Joe

Chris Woelkers - NOAA Federal

unread,
Jul 28, 2023, 8:29:21 AM7/28/23
to Joe Bester, Discuss
Joe,

I see that now and will modify the JSON file. Speaking of can I just modify the identity mapping JSON or do I need to restart something or even recreate the collection with the new file for it to work?

Thanks,

Chris Woelkers
IT Specialist
National Oceanic and Atmospheric Administration
Great Lakes Environmental Research Laboratory
4840 S State Rd | Ann Arbor, MI 48108
Office: 734-741-2446
Voice: 734-219-3815

Joe Bester

unread,
Jul 28, 2023, 8:33:15 AM7/28/23
to Chris Woelkers - NOAA Federal, Discuss
> On Jul 28, 2023, at 8:29 AM, Chris Woelkers - NOAA Federal <chris.w...@noaa.gov> wrote:
>
> Joe,
>
> I see that now and will modify the JSON file. Speaking of can I just modify the identity mapping JSON or do I need to restart something or even recreate the collection with the new file for it to work?
>
> Thanks,
>
> Chris Woelkers

You can use the globus-connect-server storage-gateway update command.
Something like

globus-connect-server storage-gateway CONNECTOR-TYPE STORAGE-GATEWAY-ID --identity-mapping file:JSON_FILE

depending on the connector type, storage gateway id and path to the json file.

Joe

Chris Woelkers - NOAA Federal

unread,
Jul 28, 2023, 8:49:46 AM7/28/23
to Joe Bester, Discuss
That's got it.
Thank you Joe for the assistance.


Thanks,

Chris Woelkers
IT Specialist
National Oceanic and Atmospheric Administration
Great Lakes Environmental Research Laboratory
4840 S State Rd | Ann Arbor, MI 48108
Office: 734-741-2446
Voice: 734-219-3815

Reply all
Reply to author
Forward
0 new messages