Cleanup of linked certificates #15
Comments
|
In practice this would mean removing all certificates from IAM before adding the ones present in VOMS. But in this way you can't add a certificate only in IAM. |
|
I'm able to delete individual problematic certificate with {
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"operations": [{
"op": "remove",
"path": "certificates",
"value": {
"urn:indigo-dc:scim:schemas:IndigoUser": {
"certificates": [{
... all cert details ...
}]
}
}
}]
} |
|
Sure, you can also do it from the dashboard. But how does this address the issue? Before finding a solution, we should probably answer the question: what is a problematic certificate? |
|
People in the past got certificate from |
|
Ok, but assuming indigo-iam/iam#454 is fixed, would this be enough to consider also this issue (and #8) fixed? I fail to see how the importer can be changed to address this issue (and #8). Maybe we can run a one-time campaign to clean from IAM the certificates with issuer "CN=TERENA eScience Personal CA 3". That should be possible with the APIs. |
|
With indigo-iam/iam#454 fixed import is still not perfect, but we can live with that. |
New certificates are added with
link_certificate, but for full synchronization it is also necessary to remove DNs that no longer exists in the source VOMS. We are just aggregating in IAM bad / incorrect DNs that were cleanup long time ago from VOMS and to be able to use IAM SCIM as account source for other services (e.g. Rucio) we should get rid of these problematic entries that sometimes even don't have correct encoding for DN.The text was updated successfully, but these errors were encountered: