VOMS X509 Attribute Certificate Web Service Interface

Description

This Web services API is used by a member of VO vo-name (or by an application running on her behalf) to retrieve a valid VOMS AttributeCertificate.

The caller can request specific VOMS FQANs (e.g., VOMS Roles) using the requestedFQANs parameter. Requested FQANs are returned in the order in which they are requested.

The caller can request a different lifetime for the generated AttributeCertificate using the lifetime parameter. The lifetime of the AC is however bound to the maximum lifetime allowed by the server configuration.

Web Services Interface

Endpoint

https://voms-server:8443/voms/vo-name/services/VOMSAC

Interface


interface VOMSAC {
    
    byte[] getVOMSAttributeCertificate() throws VOMSException;
    byte[] getVOMSAttributeCertificate(String[] requestedFQANs) throws VOMSException;
    
    byte[] getVOMSAttributeCertificate(long lifetime) throws VOMSException;
    byte[] getVOMSAttributeCertificate(String[] requestedFQANs, long lifetime) throws VOMSException;
    
    String getVersion() throws VOMSException;
    String getInterfaceVersion() throws VOMSException;
    
}

getVomsAttributeCertificate

This method is used to retrieve the VOMS AC. It accepts the following parameters:

Required Name Type DescriptionSorted ascending
optional lifetime long Lifetime for the AC in seconds (used to ovverride the server default value, it is however bound to the maximum lifetime allowed by the server configuration)
optional requestedFQANs array of string The list of requested FQANs. FQANs are returned in the order they are requested

When requestedFQANs and lifetime are omitted, the VOMS server returns an AttributeCertificate, valid for the default lifetime as configured on the server, containing all the groups the requester is member of and the Generic attributes associated with her membership.

Returns: a byte array containing the PEM encoded VOMS Attribute Cerficate

Throws: VOMSException

getVersion

Returns: the version number of the server implementation

Throws: VOMSException

getInterfaceVersion

Returns: the version number of the supported interface Throws: VOMSException

Restful Interface

Description

HTTP Method Resource Description
GET /rest/ac Gets a X509 VOMS Attribute certificate containing VOMS FQANs

HTTP Response

The HTTP response code is 200 OK, if the request has completed without internal server errors.

The response body contains a text/xml document that has the following structure:

<voms>
  <ac>{base64 encoded AC}</ac>
</voms>

The root element voms has a child element ac that contains the base64 encoded VOMS AC.

Error messages

HTTP Error code Meaning
404 User not found in the VO
500 Internal server error

In both cases, the response body contains a text/xml document that has the following structure:

<voms>
  <error>{error message string}</error>
</voms>

The root element voms has a child element error that contains the error message.

Resftful Request/Response Example

Request:

GET /voms/voms-ws/rest/ac HTTP/1.1
Host: devel13.cnaf.infn.it:8443
Accept: */*

Response:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E95A6C247E1DEDBF104491162A6C56CC; Path=/voms/voms-ws; Secure
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 158
Date: Thu, 02 Oct 2008 17:06:42 GMT

<?xml version="1.0" encoding="UTF-8"?><voms><ac>...</ac></voms>

-- AndreaCeccanti - 03 Oct 2008

Topic revision: r5 - 2008-10-06 - AndreaCristofori
 
TWIKI.NET
This site is powered by the TWiki collaboration platformCopyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback