By John Steven De… |
Managing users, groups, and AUP agreements
Note: most of this information is obsolete due to changes in WLCG/ATLAS IAM implementation. See instead ATLAS Token Transition Notes on IAM and IAM Documentation for Administrators.
Obtaining proxies from IAM
In both cases, ensure that an entry exists for the ATLAS IAM server (voms-atlas-auth.app.cern.ch) in `/etc/vomses`; if not, create an entry with the following content:
"atlas" "voms-atlas-auth.app.cern.ch" "443" "/DC=ch/DC=cern/OU=computers/CN=atlas-auth.web.cern.ch" "atlas"
Obtaining an x.509 proxy
For a VOMS proxy:
voms-proxy-init --vomses voms-atlas-auth.app.cern.ch --voms atlas
For an ARC proxy:
arcproxy --vomses voms-atlas-auth.app.cern.ch --voms atlas
Obtaining a token
- Start oidc-agent
# Get a one-time refresh token (only needed the first time registering; enter the generated code when prompted): oidc-gen --flow=device --issuer=https://atlas-auth.web.cern.ch/ --scope-all atlas # After the first registration, skip the step above and instead simply add access to the refresh token: oidc-add atlas
# Obtain the new token: oidc-token atlas