• About
• News
• License
• Download
• Installation
• Documentation
• Reference
• Support
• Security
• Privacy
• Troubleshooting
• Bugs: 1 2
• Sources
• Publications
• Presentations
• MyProxyLogon
• OAuth
• NCSA Server
• TeraGrid
• Protocol
• Anniversary

MyProxy > Docs > User's Guide > MyProxy and Grid Portals

MyProxy and Grid Portals

MyProxy provides a solution for delegating credentials to Grid portals to allow the portal to authenticate to Grid services on the user's behalf. A Grid portal is a web server that provides an interface to Grid services, allowing users to submit compute jobs, transfer files, and query Grid information services from a standard web browser.

The following software is available for integrating MyProxy with Grid portals and other web applications:

• OAuth for MyProxy providing an OAuth-compliant REST web interface to the MyProxy service for issuing user certificates to science gateways.
• The MyProxy JAAS Module supports MyProxy authentication and authorization via the JAAS framework.
• A MyProxy Apache module is available.
• MyProxy supports integration with the Pubcookie web single sign-on system.
• The Open Grid Computing Environment (OGCE) collaboratory provides software for building grid computing portals using MyProxy. See the OGCE MyProxyAuthModule.java for a good example of using MyProxy for portal authentication.
• The GridSphere credential manager portlet supports MyProxy. See the Single Sign-on section of the GridSphere Grid Portlets Administrator's Guide. See also the Grid Account Management Architecture (GAMA) for GridSphere and the OGCE GridSphere MyProxy SSO Module. (See also GAMAv2.)
• Tsukuba-GAMA is derived from GAMA and provides a portal-based account management arhitecture.
• PURSE: a Portal-based User Registration Service, combines the Simple CA with MyProxy. See also purse-portlets.
• GridPort also interfaces with MyProxy.
• The Extreme! Computing Lab's Proxy Manager Xportlet interfaces with MyProxy.
• The Tsukuba-GAMA Servlet Authentication Filter allows clients to authenticate against MyProxy and VOMS servers via HTTP basic authentication.

Each specific Grid portal toolkit should provide its own documentation and support for working with MyProxy. However, this page includes some general information about using MyProxy with Grid portals.

Using MyProxy with a Grid Portal

To use MyProxy with a Grid portal, you first store a Grid credential on a MyProxy server that the portal can use. Some portals are configured to use specific MyProxy servers only and do not allow you to specify additional MyProxy servers, so it is important to check first that the portal can use your chosen MyProxy server. To store a Grid credential on the MyProxy server, run the myproxy-init command on a computer where your Grid credentials are located. For example:

  $ myproxy-init -a -s myproxy.ncsa.uiuc.edu
  Your identity: /C=US/O=National Computational Science Alliance/CN=Jim Basney
  Enter GRID pass phrase for this identity:
  Creating proxy ........................................... Done
  Your proxy is valid until Fri Sep 13 13:52:56 2002
  Enter MyProxy Pass Phrase:
  Verifying password - Enter MyProxy Pass Phrase:
  A proxy valid for 168 hours (7.0 days) for user jbasney now exists on myproxy.ncsa.uiuc.edu.

The myproxy-init command prompts first for the pass phrase of your Grid credentials and then prompts twice for a new pass phrase to use to secure the credentials on the MyProxy server. By default, the credential is stored under your Unix username (jbasney in the example above) for 7 days. Refer to the myproxy-init documentation for the details of all the myproxy-init options.

Once you've stored a credential on the MyProxy server, you can "login" to the Grid portal with your MyProxy username and pass phrase. If the Grid portal supports multiple MyProxy servers, you will also need to indicate which MyProxy server you're using on the portal login page. Once you login, you should be able to use the Grid portal interface to access Grid services. The Grid portal's documentation should have more details about the specifics of using MyProxy with that portal.

Configuring a Grid Portal to Use MyProxy

The Grid portal takes the MyProxy username and pass phrase entered by the user and uses them to authenticate to the MyProxy server to retrieve a credential. The portal can use the myproxy-get-delegation command to retrieve the credential or can use a MyProxy API provided by a portal toolkit or CoG kit (see examples above).

A very simple html file and cgi script for using MyProxy with a Grid portal is available here. The html file presents a form for requesting a proxy. After filling out the form, the CGI script, myproxy-get-delegation.cgi, runs myproxy-get-delegation with the user supplied input and returns the output of the command. The CGI script myproxy-get-delegation.cgi is intended to demonstrate the use of myproxy-get-delegation and can be modified to suit a particular portal's requirements. If a proxy is succesfully retrieved from myproxy-server, it will store the proxy in the top-level directory under <username>.cred.

Last modified 09/01/15.
©2000-2019 Board of Trustees of the University of Illinois.