gsi_logout()
Gridport::Authentication
Perl extension for handling authentication, ie. login and logout to a gridport portal. Can be configured to use a certificate repository or myproxy.
use Gridport::Authentication;
my $gp = new Gridport::Authentication;
...
## log user into portal initially - user myproxy
use Gridport::Authentication;
my $gp = new Gridport::Authentication;
$gp->gsi_myproxy_login(username=>'myproxyusername', passphrase=>'yourmyproxypassphrase', portal=>'hotpage', myproxy_server=>'ca.sdsc.edu', portal_proxy=>'/path/to/portal/proxy/file' );
-------------------------------------------------------------------------
## log user into portal initially - using repository
use Gridport::Authentication;
my $gp = new Gridport::Authentication;
$gp->gsi_login(username=>'username',passphrase=>'passphrase',portal=>'your_gridport_portal');
-------------------------------------------------------------------------
#Logout
use Gridport::Authentication;
my $gp = new Gridport::Authentication;
$gp->gsi_logout();
-------------------------------------------------------------------------
## for checking during logged in session if the user is still logged in
use Gridport::Authentication;
my $gp = new Gridport::Authentication;
my $login_state = $gp->get_login_state(gsi=>'true');
if(!defined($login_state)) {
print header;
print "<html><head></head><body bgcolor=white>";
print "<br> you are not properly logged in...<br></body></html>\n";
exit;
}
...
Cog::lib::Cog::Globus::Job, Cog::lib::Cog::Globus::RSL, Cog::lib::Cog::Globus::Run, Cog::lib::Cog::Globus::URLCopy, Cog::lib::Cog::MDS::Search, Cog::lib::Cog::Security::Cacl, Cog::lib::Cog::Security::Myproxy, Cog::lib::Cog::Security::Proxy, Cog::src::Config, CogUtil::lib::CogUtil::Log, CogUtil::lib::CogUtil::UnixRun, Gridport::lib::Gridport::Authentication, Gridport::lib::Gridport::FileTransfer, Gridport::lib::Gridport::Job, Gridport::lib::Gridport::ProxyForward, Gridport::lib::Gridport::SRB, NWS::lib::NWS, SRB::lib::SRB
Maytal Dahan maytal@tacc.utexas.edu Catherine Mills cmills@sdsc.edu Stephen Mock mock@sdsc.edu
Description: Used to instantiate a Gridport Authentication object. This needs to be done before logging in/out or checking authentication. It handles setting up the environment as well.
Parameters: None
Usage: use Gridport::Authentication; my $gp_obj = new Gridport::Authentication;
Returns: a Gridport::Authentication object
Description: Used to dump an entire gridport authentication objects contents to a string it prints out the cookie, session info, login state, username
Parameters: None
Usage: $str = $gpauthobj->to_string();
Returns: A string that has all the authentication information
Description: Used to check the login state of a gridport auth object.
Parameters: gsi=>'true' should be passed in, this is in case we add other authentication methods down the line.
Usage: $login_state = $gpauthobj->get_login_state(); if($login_state == 1) { print ``loggedin''; }
Returns: 1 if logged in.
Description: Gets the error string from authentication
Parameters: None
Usage: $err = $gpauthobj->get_error();
Returns: String that is the error value
Description: Gets the location of the proxy file
Parameters: None
Usage: $proxy_loc = $gpauth->get_proxy_file();
Returns: String that is the location of the users proxy file
Description: Logs the user in to gridport. The user gives a username and passphrase which maps to a user x509 certificate and key pair in the gridport repository and the passphrase is the passphrase for the cert and key pair. The passphrase is used to create a proxy which is used for this user's session. A cookie is created in the browser so that the session can be tracked.
Parameters: username - the username of the user logging in. passphrase - the x509 certificate passphrase portal - the name of the portal they're logging in through (just used for logging)
Usage: $login_state = $gp->gsi_login(username=>$user, passphrase=>$pass, portal=>'gridport2_test_portal');
Returns: 1 if successful undef if not
Warning: passing undefined, blank, or otherwise lame username/passphrases in can have very messy effects. Try to check them before you pass them in.
Description: login using myproxy to provide the proxy certificate.
Parameters: username - the myproxy username passphrase - the myproxy passphrase portal - just a string telling which portal you're loggin in through myproxy_server - the myproxy server you are retrieving a proxy cert from
Optional Parameters: myproxy_port - the port on the myproxy server to connect to portal_proxy - the proxy file that the webserver is using to authenticate to the myproxy server with to proove it's an authorized myproxy getting entity
Usage: my $login_state = $gp->gsi_myproxy_login(username=>'myproxyusername', passphrase=>'yourmyproxypassphrase', portal=>'hotpage', myproxy_server=>'ca.sdsc.edu', portal_proxy=>'/path/to/portal/proxy/file' );
Returns: 1 if successful, undef if not
Description: Sets the enviroment variables neccessary for a myproxy login by the myproxy module. This is called internally in the gsi_myproxy_login
Parameters: None
Usage: my $myp_env = $self->set_myproxy_env();
Returns: 1 if successful undef if not
Description: sets the GLOBUS_INSTALL_PATH, X509_USER_PROXY env vars by pulling the globus install path from the Cog::Config module and the x509_user_proxy from the login subs here internal and not meant to be used outside
Parameters: None
Usage: $self->set_gsi_env();
Returns: Nothing
gsi_logout()Description/Usage: Used to logout of a portal. It destroys the users cookie, session file and proxy.
Parameters: None
Usage: $gp->gsi_logout();
Description: takes a type of login to check for, returns 'login_state' (1 or 0 now) done this way to allow for other authentication schemes at some point
Parameters: gsi - 1 or 0
Usage: $logged_in = $gp->check_login_state(gsi =>'true');
Returns: 1 or 0 if logged in
Description: Returns the value of a cookie with the passed in name
Parameters: cookie_name - the name of the cookie
Usage: $cookie_value = $self->get_cookie('cookie_name');
Returns: the value of the cookie
Description: Set cookie sets a cookie for gridport to keep track of the session The secure arg is optional, and secure by default
Parameters: name - cookie name value -cookie value domain - cookie domain secure - if the cookie is secure or not, by default secure
Usage: $cookie = $self->set_cookie( name => $name, value => $value, domain => $domain, secure => 1 );
Returns: returns the CGI::Cookie or undef
Description: writes an expired cookie that the logout subroutine can write to the browser. This will delete the users gridport cookie, this happens when the user logs out and is internal
Parameters: name - cookie name value - cookie value domain - cookie domain secure - is the cookie secure
Usage: my $cookie = $self->delete_cookie(name=>$c_name,value=>$session, domain=>$c_domain,secure=>1);
Returns: the expired cookie to set to the browser or undef if unsuccessful
Description: Checks for the users session and returns the location of the session file or undefined.
Parameters: None
Usage: my $session_loc = $gp->check_session ();
Returns: either returns the full location of the session file, or undef
Description: Checks if a proxy exists and returns a proxy file location
Parameters: None
Usage:
$proxy_loc = $self->check_proxy()
Returns: the location of the proxy or undefined if proxy doesn't exist
Description: This has to do with the permission of a proxy and the fact that various webid's can use the same installation of gridport. When a user logs in it creates a proxy that all the web servers can use, then that specific web server can get its own copy of the proxy with only read permissions which is what the proxy has to be set as in order to use it. This is an INTERNAL subroutine and should not be used outside of the authentication code.
Parameters: domain_proxy webid_proxy
Usage: $self->checkout_proxy($domain_proxy,$proxy_file);
Returns: undefined
Description: This is used when when the user logs in to create a random session id. uses the MD5 algorithm to produce a 16 character session ID string so that each session is unique.
Parameters: None
Usage: $s_id = $self->make_session_id();
Returns: session id
Description: When the user logs in it creates a session file for the user. This makes a session file in the gridport repository.
Parameters: session_string - this is the contents of the session file
Usage: my $sess_id = $self->make_session_file($session_string);
Returns: a random string that is the session id
Description: Returns an error string if an error was generated while calling a subroutine.
Parameters: None
Usage: $err = $gp->get_error();
Returns: The error
Description: Returns the username of the user logged in
Parameters: None
Usage: $u = $gp->get_username();
Returns: the portal username
Description: checks out the certificate and key
Parameters: username - the portal username
Usage: my $checkout = $self->checkout_gsi_credentials(username=>$username);
Returns: 1 if successful undef if unsuccessful
Description: checkout a copy of a file, used internally for checkout a certificate
Parameters: to - the file to checkout from - the location to check it out to
Usage: my $ch1 = $self->checkout(from =>$from_cert, to =>$to_cert);
Returns: 1 for success or undef
Description: deletes the staged certificates and makes a copy of the proxy for the domain area
Parameters: username proxy session
Usage: my $checkin = $self->checkin_gsi_credentials(username=>$username,proxy=>$proxy_file, session=>$session);
Returns: 1 for success or undef
Description: check in a copy of the proxy for use with a webid
Parameters: proxy session
Usage: my $checkin = $self->checkin_proxy(proxy=>$proxy_file, session=>$session);
Returns: 1 if successful undef if not
Description: This is used in GSI login
Parameters:
Usage: my $proxy = $self->gsi_proxy_init(passphrase=>$passphrase, proxy_file=>$proxy_file, keyfile=>$self->{'gsi_key'}, certificate=>$self->{'gsi_cert'} );
Returns:
Description: Opens the users session file and parses the contents and makes class variables with the value in the session file. It also updates the timestamp in the session file to show it was accessed.
Parameters: None
Usage: $self->read_session_file();
Returns: the session id or undefined if unsuccessful
Description: subroutine to cleanup the session files and proxy files that may be left over if you're using the single login feature with different webservers running as different webids
Parameters: None
Usage: $self->cleanup();
Returns: Nothing