You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/source/UserGuide/GettingStarted/GettingUserIdentity/index.rst
+17-5Lines changed: 17 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -54,19 +54,31 @@ If another non-default user group is needed, the command becomes::
54
54
55
55
where ``user_group`` is the desired DIRAC group name for which the user is entitled.
56
56
57
+
.. note:: Starting with the 8.0, you able to generate proxy with new `dirac-login` command, use *--help* key to more information. E.g.: dirac-login <user_group>
58
+
57
59
Token authorization
58
60
-------------------
59
61
60
62
Starting with the 8.0 version of DIRAC, it is possible to authorize users through third party Identity Providers (IdP),
61
63
such as EGI Checkin [https://www.egi.eu/services/check-in/] or WLCG IAM (https://indigo-iam.github.io/v/current/).
62
-
To do this, you do not need to have a certificate if you use a terminal, the main thing is that you must be registered in one of the supported IdP. The registration process is different for each IdP.
64
+
You do not need a certificate for this in a terminal, the main thing is that you must be registered in one of the supported IdP. The registration process is different for each IdP.
65
+
66
+
Once your account is created, you will be able to register with DIRAC Authorization Server using *--use-diracas* key for the `dirac-login` command::
67
+
68
+
dirac-login <user_group> --use-diracas
63
69
64
-
Once your account is created, you will be able to register with DIRAC using the `dirac-login` command that will return tokens that will be used to access the services::
70
+
You can request to return the access token instead of a proxy using *--token* key::
65
71
66
-
dirac-login -g <user_group>
72
+
dirac-login <user_group> --token
67
73
68
74
But since not all services currently support tokens, you can get a proxy if you use the *--proxy* key::
69
75
70
-
dirac-login -g <user_group> --proxy
76
+
dirac-login <user_group> --proxy --use-diracas
77
+
78
+
.. note:: if you want to get a proxy after logging in to DIRAC Authorization Server you must first put it in DIRAC, see "Proxy initialization".
79
+
80
+
If you need to end the work session in this way to remove the received access token and related information, then use the following::
81
+
82
+
dirac-logout
71
83
72
-
Note that to get a proxy you must first put it in DIRAC, see "Proxy initialization".
0 commit comments