National Center for Supercomputing Applications MyProxy Credential Management Service University of Illinois at Urbana-Champaign

[Valid HTML 4.01]
[Valid CSS]
[Valid Atom 1.0]

(OSI Certified)

MyProxy and Grid Portals

MyProxy provides a solution for delegating credentials to Grid portals to allow the portal to authenticate to Grid services on the user's behalf. A Grid portal is a web server that provides an interface to Grid services, allowing users to submit compute jobs, transfer files, and query Grid information services from a standard web browser.

The following software is available for integrating MyProxy with Grid portals and other web applications:

Each specific Grid portal toolkit should provide its own documentation and support for working with MyProxy. However, this page includes some general information about using MyProxy with Grid portals.

Using MyProxy with a Grid Portal

To use MyProxy with a Grid portal, you first store a Grid credential on a MyProxy server that the portal can use. Some portals are configured to use specific MyProxy servers only and do not allow you to specify additional MyProxy servers, so it is important to check first that the portal can use your chosen MyProxy server. To store a Grid credential on the MyProxy server, run the myproxy-init command on a computer where your Grid credentials are located. For example:

  $ myproxy-init -a -s
  Your identity: /C=US/O=National Computational Science Alliance/CN=Jim Basney
  Enter GRID pass phrase for this identity:
  Creating proxy ........................................... Done
  Your proxy is valid until Fri Sep 13 13:52:56 2002
  Enter MyProxy Pass Phrase:
  Verifying password - Enter MyProxy Pass Phrase:
  A proxy valid for 168 hours (7.0 days) for user jbasney now exists on

The myproxy-init command prompts first for the pass phrase of your Grid credentials and then prompts twice for a new pass phrase to use to secure the credentials on the MyProxy server. By default, the credential is stored under your Unix username (jbasney in the example above) for 7 days. Refer to the myproxy-init documentation for the details of all the myproxy-init options.

Once you've stored a credential on the MyProxy server, you can "login" to the Grid portal with your MyProxy username and pass phrase. If the Grid portal supports multiple MyProxy servers, you will also need to indicate which MyProxy server you're using on the portal login page. Once you login, you should be able to use the Grid portal interface to access Grid services. The Grid portal's documentation should have more details about the specifics of using MyProxy with that portal.

Configuring a Grid Portal to Use MyProxy

The Grid portal takes the MyProxy username and pass phrase entered by the user and uses them to authenticate to the MyProxy server to retrieve a credential. The portal can use the myproxy-get-delegation command to retrieve the credential or can use a MyProxy API provided by a portal toolkit or CoG kit (see examples above).

A very simple html file and cgi script for using MyProxy with a Grid portal is available here. The html file presents a form for requesting a proxy. After filling out the form, the CGI script, myproxy-get-delegation.cgi, runs myproxy-get-delegation with the user supplied input and returns the output of the command. The CGI script myproxy-get-delegation.cgi is intended to demonstrate the use of myproxy-get-delegation and can be modified to suit a particular portal's requirements. If a proxy is succesfully retrieved from myproxy-server, it will store the proxy in the top-level directory under <username>.cred.

Last modified 09/01/15.
©2000-2016 Board of Trustees of the University of Illinois.