Difference between revisions of "EGI Quality Criteria Testing"
Jump to navigation
Jump to search
(→DRAFT) |
|||
Line 14: | Line 14: | ||
=== AUTHN_CRED_2 === | === AUTHN_CRED_2 === | ||
Verifiers need a valid SHA-2 proxy for testing. The easiest way of getting such certificate is using ... | Verifiers need a valid SHA-2 proxy for testing. The easiest way of getting such certificate is using a provider like CILogon, using their (unaccredited) OpenID provider like Google | ||
(instructions from D. Groep) | |||
# Go to https://cilogon.org/ | |||
# Select "Google" from the list of IdPs. | |||
# After signing in to Google and typing in a password, you can download a pkcs#12 file with your new certificate and private key. | |||
# To get the conventional usercert.pem and userkey.pem, use openssl: | |||
openssl pkcs12 -in myfile.p12 -info -out usercert.pem -nokeys | |||
openssl pkcs12 -in myfile.p12 -info -out userkey.pem -nocerts | |||
chmod 0600 userkey.pem | |||
Services to test need to have the OpenID CA just like the other IGTF CAs, which is available from the [https://dist.eugridpma.info/distribution/current/experimental/ experimental repository]. A [https://dist.eugridpma.info/distribution/current/experimental/RPMS/ca_cilogon-openid-1.48-1.noarch.rpm RPM package] is also provided. | |||
=== AUTHN_CRED_3 === | === AUTHN_CRED_3 === | ||
RFC proxy support. | RFC proxy support. |
Revision as of 13:00, 1 August 2012
Information Model Capability
INFO_MODEL_SCHEMA_1
Use GlueValidator for testing the validity of both Glue1.3 and Glue2.
Some exceptions may be allowed:
- AssertionError: The field GLUE2EndpointCapability with value 'information.publication' does not follow the type Capability_t
Authentication Capability
AUTHN_CRED_2
Verifiers need a valid SHA-2 proxy for testing. The easiest way of getting such certificate is using a provider like CILogon, using their (unaccredited) OpenID provider like Google
(instructions from D. Groep)
- Go to https://cilogon.org/
- Select "Google" from the list of IdPs.
- After signing in to Google and typing in a password, you can download a pkcs#12 file with your new certificate and private key.
- To get the conventional usercert.pem and userkey.pem, use openssl:
openssl pkcs12 -in myfile.p12 -info -out usercert.pem -nokeys openssl pkcs12 -in myfile.p12 -info -out userkey.pem -nocerts chmod 0600 userkey.pem
Services to test need to have the OpenID CA just like the other IGTF CAs, which is available from the experimental repository. A RPM package is also provided.
AUTHN_CRED_3
RFC proxy support.