gLite 3.1

glite-VOMS_oracle - Update to version 3.1.25-0


Date 28.10.2009
Priority Normal

Description



glite-VOMS_mysql, glite-VOMS_oracle, glite-UI, glite-VOBOX

New version of VOMS Admin and Clients:

New VOMS Admin features:

The VOMS SAML codebase developed during the OMII project has been integrated into the codebase. VOMS Admin now exposes a service called VOMSSaml that can be used to obtain a SAML assertion containing signed VOMS attributes.

Since the VOMS SAML Attribute authority (AA) needs to sign the issued assertions, when configuring the service you should define which X509 certificate and private key will be used for signing.

New VOMS Admin service properties:

  • voms.aa.certificate
  • voms.aa.key

The validity of issued attribute assertions can be limited with the voms.saml.max_assertion_lifetime service property.

The voms-admin-configure script has been extended to support flags to set these properties at configuration time.

Type voms-admin-configure --help for more information.
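
As an added example (not part of the gLite release notes or of VOMS Admin itself), the shell functions below audit the signing settings described above: the key must not be accessible to group or others, the certificate and key must be a matching pair, and the assertion lifetime must stay within a ceiling. The properties file path passed by the caller, its key=value syntax, the function names and the MAX_LIFETIME ceiling are assumptions.

```shell
#!/bin/sh
# Added example (not from the gLite release notes): audit the SAML AA signing
# settings in a VOMS Admin properties file. Assumptions: "key=value" syntax,
# openssl installed, MAX_LIFETIME is a site policy ceiling in seconds.
MAX_LIFETIME=${MAX_LIFETIME:-720}

# prop FILE NAME: print the last value assigned to NAME (empty if unset).
prop() {
    awk -v k="$2" '{ n = $0; sub(/[ \t]*=.*/, "", n); sub(/^[ \t]+/, "", n) }
        n == k && /=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v) }
        END { print v }' "$1"
}

# key_is_private FILE: true when group and others have no permission bits.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# pair_matches CERT KEY: true when both files carry the same public key.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

report() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_saml_aa FILE: print findings; return 0 only when there are none.
audit_saml_aa() {
    findings=0
    cert=$(prop "$1" voms.aa.certificate)
    key=$(prop "$1" voms.aa.key)
    life=$(prop "$1" voms.saml.max_assertion_lifetime)
    [ -r "$cert" ] || report "voms.aa.certificate unreadable: '$cert'"
    if [ -f "$key" ]; then
        key_is_private "$key" || report "voms.aa.key open to group/others: $key"
        [ ! -r "$cert" ] || pair_matches "$cert" "$key" ||
            report "certificate and key are not a matching pair"
    else
        report "voms.aa.key not found: '$key'"
    fi
    case $life in
        '') ;;  # unset: the service default applies
        *[!0-9]*) report "max_assertion_lifetime is not an integer: $life" ;;
        *) [ "$life" -le "$MAX_LIFETIME" ] ||
               report "max_assertion_lifetime $life exceeds $MAX_LIFETIME s" ;;
    esac
    [ "$findings" -eq 0 ]
}
```

Source the file and call audit_saml_aa with the path of the properties file to check; a non-zero exit status means at least one finding was printed.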

Updated dependencies:

VOMS SAML makes extensive use of the OpenSAML library, which requires a recent version of the Java XML parsing tools to be installed in your Java Runtime Environment.

The VOMS Admin distribution provides the jars you need to make your Tomcat installation OpenSAML compliant. You just need to issue the following command:

cp $GLITE_LOCATION/share/voms-admin/endorsed/*.jar $CATALINA_HOME/common/endorsed

or change the tomcat startup script to include the following system property:

-Djava.endorsed.dirs=$GLITE_LOCATION/share/voms-admin/endorsed

VOMS Admin Server SAML attribute authority configuration handling.

Optional advanced parameters added:

  1. voms.admin.configure.endorsed
    Type: boolean
    Context: server level

    Adds $GLITE_LOCATION/share/voms-admin/endorsed to JAVA_ENDORSED_DIRS in Tomcat. The default value is "true".

  2. voms.saml.aaCertificate
    Type: string
    Context: server level/VO level

    The location of the certificate to be used by the VOMS SAML attribute authority. By default the Tomcat SSL certificate is used.

  3. voms.saml.aaPrivateKey
    Type: string
    Context: server level/VO level

    The location of the private key to be used by the VOMS SAML attribute authority. By default the Tomcat SSL private key is used.

  4. voms.admin.membershipRequest.timeout
    Type: integer
    Default value: 86400
    Context: server level/VO level

    Sets the timeout in seconds before voms-admin removes unconfirmed registration requests from the VO database.

  5. voms.saml.max_assertion_lifetime
    Type: integer
    Default value: 720
    Context: server level/VO level

    Sets the lifetime, in seconds, of issued SAML assertions.

  6. voms.admin.membershipRequest.emailOnExpire
    Type: boolean
    Default value: true
    Context: server level/VO level

    Configures voms-admin to send a warning email to the user when his/her unconfirmed request is removed from the database.

This release also introduces automatic configuration of read-only access for anyone with a valid certificate (needed for the gridmap file generation on the relevant grid hosts). This applies only to newly created VOs.

glite-CREAM, glite-FTA_oracle, glite-FTS_oracle, glite-LFC_mysql, glite-LFC_oracle, glite-PX, glite-SE_dpm_disk, glite-SE_dpm_mysql, glite-UI, glite-VOBOX, glite-VOMS_mysql, glite-VOMS_oracle, glite-WMS, glite-WN, lcg-CE

New version of lcg-vomscerts:

lcg-vomscerts-5.6.0 adds new cert for voms.fnal.gov and removes old certs for voms.fnal.gov, voms.cern.ch and voms-pilot.cern.ch



Please also have a look at the list of known issues.

This update fixes various bugs. For the full list of bugs, please see the list below.

Fixed bugs

Number | Description
#39626 | new VO user request expiration time
#39785 | voms-admin --help-commands has output that is too wide
#40372 | Illegal whitespace in address error in VOMS when one of the admins has more than one e-mail address
#42536 | voms-admin CLI argument parsing not failure resilient
#42939 | [VOMS-ADMIN] upgrade procedure needs workaround
#43173 | voms-admin to easily allow browsing of users/groups/roles for authorised users even when registration is disabled
#44332 | Add a --skip-voms-core to voms-admin-configure
#46144 | [VOMS ADMIN] NullPointerException caught when setting a user generic attribute value

Updated rpms

Name | Version | Full RPM name | Description
glite-VOMS_oracle | 3.1.25-0 | glite-VOMS_oracle-3.1.25-0.i386.rpm | gLite metapackage (glite-VOMS_oracle)
glite-security-voms-admin-client | 2.0.10-1 | glite-security-voms-admin-client-2.0.10-1.noarch.rpm | org.glite.security.voms-admin-client v. 2.0.10-1
glite-security-voms-admin-server | 2.0.18-1 | glite-security-voms-admin-server-2.0.18-1.noarch.rpm | gLite VOMS Admin service
glite-voms-server-config | 3.1.7-4.slc4 | glite-voms-server-config-3.1.7-4.slc4.i386.rpm | gLite VOMS server configuration files
lcg-vomscerts | 5.6.0-1 | lcg-vomscerts-5.6.0-1.noarch.rpm | lcg-vomscerts

The RPMs can be updated using yum via

Service reconfiguration after update

Service must be reconfigured.

Service restart after update

Service must be restarted.

How to apply the fix

  1. Update the RPMs (see above)
  2. Update configuration (see above)
  3. Restart the service if necessary (see above)