Skip to content
This repository was archived by the owner on May 23, 2022. It is now read-only.

Commit 3e54e17

Browse files
matyasselmecimatyasselmeci
committed
Delete "Using Bearer Tokens with {HTCondor-CE,XRootD}" sections for now
1 parent 469a94b commit 3e54e17

File tree

1 file changed

+0
-38
lines changed

1 file changed

+0
-38
lines changed

docs/security/tokens/overview.md

Lines changed: 0 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -136,44 +136,6 @@ For example, the following groups and roles have been used by the ATLAS and CMS
136136
```
137137

138138

139-
Using Bearer Tokens with HTCondor-CE
140-
------------------------------------
141-
142-
In order to support Token AAI, your CE must be based on OSG 3.6 or OSG 3.5-upcoming.
143-
You will need HTCondor 9.0.0 or newer, and `SCITOKENS` must be enabled as an auth method (this is the default).
144-
145-
You must have a mapfile which provides mappings from bearer tokens to Unix usernames,
146-
based on the token's issuer and, optionally, subject.
147-
The OSG distributes the `osg-scitokens-mapfile` RPM package that includes default mappings for use by OSG CEs.
148-
149-
Token mapfile lines look like:
150-
```
151-
SCITOKENS /^https\:\/\/scitokens\.org\/ligo,/ ligo
152-
SCITOKENS /^https\:\/\/cilogon\.org\/gm2,gm2pilot\@fnal\.gov$/ gm2pilot
153-
```
154-
These are regular expressions; the first matches a token with the issuer `https://scitokens.org/ligo`
155-
and any subject, and maps it to the `ligo` user.
156-
Note the trailing `,` in the regular expression: this separates the issuer from the subject.
157-
158-
The second example matches the issuer `https://cilogon.org/gm2` _and_ the subject `[email protected]`,
159-
and maps it to the `gm2pilot` user.
160-
161-
A `SCITOKENS` mapfile line supports WLCG tokens as well.
162-
Note that mapping can only be done on issuer and subject, _not_ `wlcg.groups`.
163-
164-
See the [configuring authentication documentation for HTCondor-CE]
165-
(https://opensciencegrid.org/docs/compute-element/install-htcondor-ce/#configuring-authentication)
166-
for further information.
167-
168-
169-
Using Bearer Tokens with XRootD
170-
-------------------------------
171-
172-
In order to support Token AAI, your XRootD installation must be based on OSG 3.6 or OSG 3.5-upcoming.
173-
You will need XRootD 5.0.2 or newer, with the `xrootd-scitokens` plugin.
174-
Follow the [configuring XRootD authorization documentation](https://opensciencegrid.org/docs/data/xrootd/xrootd-authorization)
175-
for information on how to configure XRootD to accept bearer tokens.
176-
177139

178140
Validating Tokens in Pilot Jobs
179141
-------------------------------

0 commit comments

Comments
 (0)