Improve Auth Token Acquisition For Globus Transfers

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      To accommodate Globus transfers, users can authorize Pegasus via "pegasus-globus-online-init" to execute transfers between Globus endpoints/collections.

      However, new requirements have been introduced to some sites for authentication while using the Globus transfer service, and the tokens acquired by "pegasus-globus-online-init" do not meet all the requirements.

      An example is OLCF where they require users to "sign" the token against their domain identity. If the token hasn't been linked with the required domain identity then transfers fail with the following error. 

      "None of your identities are from domains allowed by resource policies"

      Some more background on this can be find on Globus Docs:

            Assignee:
            George Papadimitriou (Inactive)
            Reporter:
            George Papadimitriou (Inactive)
            Archiver:
            Rajiv Mayani

              Created:
              Updated:
              Resolved:
              Archived: