deploy: 0ad76c0

404.html

@@ -14,15 +14,15 @@
 
 
       <link rel="icon" href="/assets/images/favicon.png">
-      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.3">
+      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.14">
 
 
 
         <title>Token-based AuthN/Z for WLCG</title>
 
 
 
-      <link rel="stylesheet" href="/assets/stylesheets/main.50c56a3b.min.css">
+      <link rel="stylesheet" href="/assets/stylesheets/main.10ba22f1.min.css">
 
 
         <link rel="stylesheet" href="/assets/stylesheets/palette.06af60db.min.css">
@@ -215,12 +215,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
 
 
@@ -357,12 +355,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_6" >
 
 
@@ -567,10 +563,10 @@ <h1>404 - Not found</h1>
     </div>
 
 
-    <script id="__config" type="application/json">{"base": "/", "features": [], "search": "/assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
+    <script id="__config" type="application/json">{"base": "/", "features": [], "search": "/assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
 
 
-      <script src="/assets/javascripts/bundle.d7c377c4.min.js"></script>
+      <script src="/assets/javascripts/bundle.bd41221c.min.js"></script>
 
 
   </body>

index.html

@@ -16,15 +16,15 @@
 
 
       <link rel="icon" href="assets/images/favicon.png">
-      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.3">
+      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.14">
 
 
 
         <title>Token-based AuthN/Z for WLCG</title>
 
 
 
-      <link rel="stylesheet" href="assets/stylesheets/main.50c56a3b.min.css">
+      <link rel="stylesheet" href="assets/stylesheets/main.10ba22f1.min.css">
 
 
         <link rel="stylesheet" href="assets/stylesheets/palette.06af60db.min.css">
@@ -304,12 +304,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
 
 
@@ -446,12 +444,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_6" >
 
 
@@ -798,10 +794,10 @@ <h3 id="example">Example</h3>
     </div>
 
 
-    <script id="__config" type="application/json">{"base": ".", "features": [], "search": "assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
+    <script id="__config" type="application/json">{"base": ".", "features": [], "search": "assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
 
 
-      <script src="assets/javascripts/bundle.d7c377c4.min.js"></script>
+      <script src="assets/javascripts/bundle.bd41221c.min.js"></script>
 
 
   </body>

token-based-authorization/compliance/index.html

@@ -18,15 +18,15 @@
 
 
       <link rel="icon" href="../../assets/images/favicon.png">
-      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.3">
+      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.14">
 
 
 
         <title>WLCG JWT compliance - Token-based AuthN/Z for WLCG</title>
 
 
 
-      <link rel="stylesheet" href="../../assets/stylesheets/main.50c56a3b.min.css">
+      <link rel="stylesheet" href="../../assets/stylesheets/main.10ba22f1.min.css">
 
 
         <link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
@@ -226,12 +226,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--active md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" checked>
 
 
@@ -435,12 +433,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_6" >
 
 
@@ -703,10 +699,10 @@ <h2 id="results">Results</h2>
     </div>
 
 
-    <script id="__config" type="application/json">{"base": "../..", "features": [], "search": "../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
+    <script id="__config" type="application/json">{"base": "../..", "features": [], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
 
 
-      <script src="../../assets/javascripts/bundle.d7c377c4.min.js"></script>
+      <script src="../../assets/javascripts/bundle.bd41221c.min.js"></script>
 
 
   </body>

token-based-authorization/configuration/dcache/index.html

@@ -18,15 +18,15 @@
 
 
       <link rel="icon" href="../../../assets/images/favicon.png">
-      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.3">
+      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.14">
 
 
 
         <title>dCache - Token-based AuthN/Z for WLCG</title>
 
 
 
-      <link rel="stylesheet" href="../../../assets/stylesheets/main.50c56a3b.min.css">
+      <link rel="stylesheet" href="../../../assets/stylesheets/main.10ba22f1.min.css">
 
 
         <link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">
@@ -226,12 +226,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--active md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" checked>
 
 
@@ -370,12 +368,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--active md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_6" checked>
 
 
@@ -909,7 +905,9 @@ <h3 id="dcache-72-configuration">dCache 7.2 configuration</h3>
 # assuming that VO starts in top level directory
 gplazma.scitoken.issuer!wlcg = https://wlcg.cloud.cnaf.infn.it/ /wlcg
 gplazma.scitoken.issuer!altas = https://atlas-auth.web.cern.ch/ /atlas
+gplazma.scitoken.issuer!altas_new = https://atlas-auth.cern.ch/ /atlas
 gplazma.scitoken.issuer!cms = https://cms-auth.web.cern.ch/ /cms
+gplazma.scitoken.issuer!cms_new = https://cms-auth.cern.ch/ /cms
 # assuming that dCache WebDAV service runs on default HTTPS port 443 for doors dcache.example.com
 #gplazma.scitoken.audience-targets = https://dcache.example.com
 # you can specify multiple audiences (https://wlcg.cern.ch/jwt/v1/any is necessary for compliance testbed)
@@ -931,6 +929,7 @@ <h3 id="dcache-8292-configuration">dCache 8.2/9.2 configuration</h3>
 <li>WLCG JWT explicit authorization implemented in 8.2.32 and 9.2.0 (needs workaround in IAM token issuer)</li>
 <li>Recommended for WLCG experiments are 8.2.35+ and 9.2.3+ (versions older than 8.2.22 can't be used with WLCG JWT tokens)</li>
 </ol>
+<p><strong>WARNING</strong>: in April 2024 CERN IAM is going to add new token issuer hostnames and you should add them also in the configuration files (yes, this is sensitive from security point of view but currently we don't have official list of trusted token issuer names associated with VOs).</p>
 <p>Following minimal configuration adds support to access files with WLCG JWL tokens</p>
 <pre><code># /etc/dcache/gplazma.conf
 ...
@@ -943,7 +942,9 @@ <h3 id="dcache-8292-configuration">dCache 8.2/9.2 configuration</h3>
 # assuming that VO starts in top level directory
 gplazma.oidc.provider!wlcg = https://wlcg.cloud.cnaf.infn.it/ -profile=wlcg -prefix=/wlcg -authz-id=&quot;uid:1999 gid:1999 username:wlcg_oidc&quot;
 gplazma.oidc.provider!altas = https://atlas-auth.web.cern.ch/ -profile=wlcg -prefix=/atlas -authz-id=&quot;uid:2999 gid:2999 username:atlas_oidc&quot;
+gplazma.oidc.provider!altas_new = https://atlas-auth.cern.ch/ -profile=wlcg -prefix=/atlas -authz-id=&quot;uid:2999 gid:2999 username:atlas_oidc&quot;
 gplazma.oidc.provider!cms = https://cms-auth.web.cern.ch/ -profile=wlcg -prefix=/cms -authz-id=&quot;uid:3999 gid:3999 username:cms_oidc&quot;
+gplazma.oidc.provider!cms_new = https://cms-auth.cern.ch/ -profile=wlcg -prefix=/cms -authz-id=&quot;uid:3999 gid:3999 username:cms_oidc&quot;
 # assuming that dCache WebDAV service runs on default HTTPS port 443 for doors dcache.example.com
 #gplazma.oidc.audience-targets = https://dcache.example.com
 # you can specify multiple audiences (https://wlcg.cern.ch/jwt/v1/any is necessary for compliance testbed)
@@ -1070,6 +1071,9 @@ <h4 id="configuration">configuration</h4>
 # VO issuer prefix:
 # assuming that namespace for VO data is stored in the top level directory /atlas
 gplazma.oidc.provider!atlas = https://atlas-auth.web.cern.ch/ -profile=wlcg -prefix=/atlas -authz-id=&quot;uid:2001 gid:2001 username:atlas_oidc_with_storage_scope&quot;
+# in April 2024 CERN is going to introduce new token issuer hostnames for experiments
+# to be ready for this update you should include also new issuer hostname
+gplazma.oidc.provider!atlas_new = https://atlas-auth.cern.ch/ -profile=wlcg -prefix=/atlas -authz-id=&quot;uid:2001 gid:2001 username:atlas_oidc_with_storage_scope&quot;
 # In case ATLAS VO namespace starts in /pnfs/example.com/atlas than you must use this full prefix
 # in the provider configuration. Using &quot;/&quot; prefix (most probably for any VO) is wrong with severe
 # security implications
@@ -1136,10 +1140,10 @@ <h4 id="configuration">configuration</h4>
     </div>
 
 
-    <script id="__config" type="application/json">{"base": "../../..", "features": [], "search": "../../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
+    <script id="__config" type="application/json">{"base": "../../..", "features": [], "search": "../../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
 
 
-      <script src="../../../assets/javascripts/bundle.d7c377c4.min.js"></script>
+      <script src="../../../assets/javascripts/bundle.bd41221c.min.js"></script>
 
 
   </body>

token-based-authorization/configuration/dpm/index.html

@@ -18,15 +18,15 @@
 
 
       <link rel="icon" href="../../../assets/images/favicon.png">
-      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.3">
+      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.14">
 
 
 
         <title>DPM - Token-based AuthN/Z for WLCG</title>
 
 
 
-      <link rel="stylesheet" href="../../../assets/stylesheets/main.50c56a3b.min.css">
+      <link rel="stylesheet" href="../../../assets/stylesheets/main.10ba22f1.min.css">
 
 
         <link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">
@@ -226,12 +226,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--active md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" checked>
 
 
@@ -370,12 +368,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--active md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_6" checked>
 
 
@@ -609,10 +605,10 @@ <h1 id="dpm">DPM</h1>
     </div>
 
 
-    <script id="__config" type="application/json">{"base": "../../..", "features": [], "search": "../../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
+    <script id="__config" type="application/json">{"base": "../../..", "features": [], "search": "../../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
 
 
-      <script src="../../../assets/javascripts/bundle.d7c377c4.min.js"></script>
+      <script src="../../../assets/javascripts/bundle.bd41221c.min.js"></script>
 
 
   </body>

token-based-authorization/configuration/requirements/index.html

@@ -18,15 +18,15 @@
 
 
       <link rel="icon" href="../../../assets/images/favicon.png">
-      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.3">
+      <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.14">
 
 
 
         <title>Requirements - Token-based AuthN/Z for WLCG</title>
 
 
 
-      <link rel="stylesheet" href="../../../assets/stylesheets/main.50c56a3b.min.css">
+      <link rel="stylesheet" href="../../../assets/stylesheets/main.10ba22f1.min.css">
 
 
         <link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">
@@ -226,12 +226,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--active md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" checked>
 
 
@@ -370,12 +368,10 @@
 
 
 
-
     <li class="md-nav__item md-nav__item--active md-nav__item--nested">
 
 
 
-
         <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_6" checked>
 
 
@@ -792,10 +788,10 @@ <h2 id="belle-ii-storage">Belle II Storage</h2>
     </div>
 
 
-    <script id="__config" type="application/json">{"base": "../../..", "features": [], "search": "../../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
+    <script id="__config" type="application/json">{"base": "../../..", "features": [], "search": "../../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
 
 
-      <script src="../../../assets/javascripts/bundle.d7c377c4.min.js"></script>
+      <script src="../../../assets/javascripts/bundle.bd41221c.min.js"></script>
 
 
   </body>