Task #7606
Story #7605: MemberNodes not authorizing CN to harvest log records
NRDC does not trust the CN certificate for log harvesting
30%
Description
urn:node:NRDC throws a NotAuthorized exception when the CN attempts to harvest log records:
org.dataone.service.exceptions.NotAuthorized: Access allowed only for DataONE infrastructure. Active subjects: authenticatedUser (equivalent), public (equivalent), CN=urn:node:CNUCSB1,DC=dataone,DC=org (primary). Trusted subjects: CN=urn:node:NRDC,DC=dataone,DC=org
From the message it appears that NRDC may only trust itself to harvest log records.
History
#1 Updated by Laura Moyers almost 9 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 30
NRDC operates as a reverse proxy; perhaps their setup has something to do with this behavior. Investigating.
#2 Updated by Laura Moyers almost 9 years ago
Laura, Robert, and Mark met with Eric Fritzinger from NRDC on 2/3/16. Eric is planning to rework the NRDC setup from reverse proxy to "normal" public-facing operations. He'll have to coordinate with the UNR IT folks as they try to keep all the UNR stuff tightly controlled.
#3 Updated by Robert Waltz over 8 years ago
- Description updated (diff)
