Commit 07bb3e11 authored by Maiken's avatar Maiken

Update oidc_tokens.rst - Adding info about how to find subject of token for arc.conf authgroups

parent 95776d33
Pipeline #7671 passed with stages
in 53 minutes and 32 seconds
......@@ -90,6 +90,10 @@ can be '*' to match any value. For example
matches a user with subject e83eec5a-e2e3-43c6-bb67-df8f5ec3e8d0 in token issued by
https://wlcg.cloud.cnaf.infn.it/ .
.. note::
Until the handling of authtokens is integrated with arcproxy you must find the subject of the token using a tool like e.g. https://jwt.io/ .
User mapping to local account is implemented using a simulated X.509 user subject.
The subject provided by an OIDC token is unique only in scope of the identity provider.
To generate a globally unique user-identifier issuer and subject are cocatenated like
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment