Task #7606

Story #7605: MemberNodes not authorizing CN to harvest log records

NRDC does not trust the CN certificate for log harvesting

Added by Robert Waltz about 8 years ago. Updated almost 8 years ago.

Status: In Progress
Priority: Normal
Assignee:
Category: Environment.Production
Target version:
Start date: 2016-01-26
Due date:
% Done: 30%
Milestone: None
Product Version: *
Story Points:
Sprint:

Description

urn:node:NRDC throws a NotAuthorized exception when the CN attempts to harvest log records:

org.dataone.service.exceptions.NotAuthorized: Access allowed only for DataONE infrastructure. Active subjects: authenticatedUser (equivalent), public (equivalent), CN=urn:node:CNUCSB1,DC=dataone,DC=org (primary). Trusted subjects: CN=urn:node:NRDC,DC=dataone,DC=org

From the message it appears that NRDC may only trust itself to harvest log records.
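
A triage sketch for the message above, added here as an example and not taken from the ticket or from DataONE code: it splits the NotAuthorized text into active and trusted subjects and reports whether the node trusts only its own subject. The function names, the assumed message layout, and the ", " separator between trusted entries are assumptions.

```python
import re

# Exception text copied from the ticket description.
MESSAGE = (
    "Access allowed only for DataONE infrastructure. Active subjects: "
    "authenticatedUser (equivalent), public (equivalent), "
    "CN=urn:node:CNUCSB1,DC=dataone,DC=org (primary). "
    "Trusted subjects: CN=urn:node:NRDC,DC=dataone,DC=org"
)

def normalize_dn(subject):
    """Upper-case attribute names and drop spaces around RDN separators."""
    parts = []
    for rdn in subject.split(","):
        key, sep, value = rdn.strip().partition("=")
        parts.append(key.upper() + sep + value.strip() if sep else key)
    return ",".join(parts)

def parse_not_authorized(message):
    """Return ([(subject, role), ...], [trusted subject, ...])."""
    m = re.search(r"Active subjects:\s*(.*?)\.\s*Trusted subjects:\s*(.*)$",
                  message, re.S)
    if not m:
        raise ValueError("message is not in the expected layout")
    # Each active subject is followed by its role in parentheses.
    active = [(normalize_dn(s), role) for s, role in
              re.findall(r"\s*(.+?)\s+\((\w+)\)(?:,|$)", m.group(1))]
    # Assumption: trusted entries are separated by ", " while the RDNs
    # inside one DN are separated by a bare ",".
    trusted = [normalize_dn(s) for s in
               re.split(r",\s+", m.group(2).strip().rstrip(".")) if s]
    return active, trusted

def diagnose(message, node_subject):
    """Summarise why the caller was rejected."""
    active, trusted = parse_not_authorized(message)
    trusted_set = set(trusted)
    return {
        "primary": [s for s, role in active if role == "primary"],
        "matched": [s for s, _ in active if s in trusted_set],
        "self_trust_only": trusted_set == {normalize_dn(node_subject)},
    }

if __name__ == "__main__":
    print(diagnose(MESSAGE, "CN=urn:node:NRDC,DC=dataone,DC=org"))
```

An empty `matched` list together with `self_trust_only` set to true is the condition the description infers from the message.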

History

#1 Updated by Laura Moyers about 8 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 30

NRDC operates as a reverse proxy; perhaps their setup has something to do with this behavior. Investigating.

#2 Updated by Laura Moyers about 8 years ago

Laura, Robert, and Mark met with Eric Fritzinger from NRDC on 2/3/16. Eric is planning to rework the NRDC setup from reverse proxy to "normal" public-facing operations. He'll have to coordinate with the UNR IT folks as they try to keep all the UNR stuff tightly controlled.

#3 Updated by Robert Waltz almost 8 years ago

  • Description updated (diff)
