Managing users, groups, and AUP agreements

Note: most of this information is obsolete due to changes in WLCG/ATLAS IAM implementation. See instead ATLAS Token Transition Notes on IAM and IAM Documentation for Administrators.

Obtaining proxies from IAM

In both cases, ensure that an entry exists for the ATLAS IAM server (voms-atlas-auth.app.cern.ch) in `/etc/vomses`; if not, create an entry with the following content:

"atlas" "voms-atlas-auth.app.cern.ch" "443" "/DC=ch/DC=cern/OU=computers/CN=atlas-auth.web.cern.ch" "atlas"

Obtaining an x.509 proxy

For a VOMS proxy:

voms-proxy-init --vomses voms-atlas-auth.app.cern.ch --voms atlas

For an ARC proxy:

arcproxy --vomses voms-atlas-auth.app.cern.ch --voms atlas

Obtaining a token

1. Start oidc-agent

2. # Get a one-time refresh token (only needed the first time registering; enter the generated code when prompted):
   oidc-gen --flow=device --issuer=https://atlas-auth.web.cern.ch/ --scope-all atlas
   # After the first registration, skip the step above and instead simply add access to the refresh token:
   oidc-add atlas

3. # Obtain the new token:
   oidc-token atlas

More Information:

WLCG AuthZ Documentation