Proxy Manager User's Guide

• What is the Proxy Manager portlet?

• Do I need an X509 certificate?

• As a regular portal user, what do I need to do before using Proxy Manager portlet?

• As a portal adminitrator, what do I need to do before using Proxy Manager portlet?

• How to work with the Proxy Manager portlet?
  

What is the Proxy Manager portlet?

The Proxy Manager portlet provides a interface for loading GSI proxy credentials into Jetpeed via MyProxy. Proxy credentials can be stored temporarily is the user's session context. So if a user logs out of their portal or the portal server is restarted, the proxy credential will be deleted. We provide a API for accessing a user's proxy credentials from other portlets.

Do I need an X509 certificate?

Before using Proxy Manager portlet, you definitely need an X509 certificate to make use of the functionality of a Grid portal. You need to check with your organization's CA for a valid X509 certificate. However, Globus Toolkit provides a Simple CA tool in the case of small groups.

As a regular portal user, what do I need to do before using the Proxy Manager portlet?

To use MyProxy client tools to load your certificate, you must set up your Globus environment. Set the GLOBUS_LOCATION environment variable to the location of your MyProxy client tools installation. It is optional to set up your MYPROXY_SERVER environment variable, which will be taken as the destination server by default.
 
For example, as a user of Extreme! Lab, you need to set your GLOBUS_LOCATION to be "/l/extreme/local/packages/MyProxy/0.4.6", and MYPROXY_SERVER variable as "rainier.extreme.indiana.edu".

For csh users:
% setenv GLOBUS_LOCATION /l/extreme/local/packages/MyProxy/0.4.6
% setenv MYPROXY_SERVER rainier.extreme.indiana.edu
For bash users:
% export GLOBUS_LOCATION=/l/extreme/local/packages/MyProxy/0.4.6
% export MYPROXY_SERVER=rainier.extreme.indiana.edu
 
Then, depending on your shell, run one of the following commands:
For csh users:
% source $GLOBUS_LOCATION/etc/globus-user-env.csh
For bash users:
% . $GLOBUS_LOCATION/etc/globus-user-env.sh
 
After that, run the command "$GLOBUS_LOCATION/bin/myproxy-init" from your local machine to load a credential into a specified MyProxy server for later retrieval.
 
You may put the GLOBUS_LOCATION and MYPROXY_SERVER environment variables into your .cshrc or .bashrc file, but notice that a MyProxy server installation location may not be the same place as your Globus Toolkit installation, which might conflict. For detailed information about MyProxy usage, please refer to MyProxy User's Guide.

As a portal adminitrator, what do I need to do before using the Proxy Manager portlet?

How to work with the Proxy Manager portlet?

The Proxy Manager portlet will appear in the available portlet list as xportlets:ProxyManager. For help in loading the Proxy Manager portlet into your user account, please see our Jetspeed Basics guide.

Once the Proxy Manager is loaded into one of your panes, you should see a screen which looks something like the following:

The first time the ProxyManager portlet is loaded, there will be no proxy credentials loaded into the user's account. To load a proxy into your account, follow these steps:

1. Click on the 'Get New Proxy' button. The following page will be displayed.

   Fill out the following parameters and click 'Get Proxy' to retrieve your proxy from the MyProxy server specified below: Hostname: Port: Username: Password: Lifetime: (hours) Store for duration of user session only? Note: the lifetime of your GSI proxy credential will depend on the maximum lifetime specified for delegated credentials when you stored your long-term GSI proxy credential in the MyProxy server (by default 2 hours).

2. Change the defaults so that it's appropriate for your MyProxy server. The checkbox indicates whether you want the proxy credential to persist beyond this user session. If left unchecked, the proxy credential will be stored to disk in the Jetspeed database and so will be available the next time you log in (assuming it hasn't expired). If checked, the proxy credential will be deleted when you log out or the portal is restarted.

   Note: You can change the defaults permanently by customizing the portlet; see below.

3. Click the 'Get Proxy' button. The portlet will return to the main screen where you will see that there is one proxy loaded into your account along with the options to 'View' and 'Destroy' the proxy. For example,

   The following GSI proxy credentials are loaded into your account: (default proxy) CN=proxy,CN=proxy,CN=proxy,CN=Shava Smallen,OU=extreme.indiana.edu,O=Globus,O=Grid Click the button below to add another GSI proxy credential to your account:

   If you have more than one GSI credential (i.e., with different DNs) you can add more proxy credentials to your account by redoing steps 1 - 3. Proxies are stored under the hash of their DN so if you redo steps 1 - 3 with the same GSI credential, the new proxy will overwrite the existing one. The following screenshot shows what it looks like if you have more than one proxy credential.

   The following GSI proxy credentials are loaded into your account: (default proxy) CN=proxy,CN=proxy,CN=proxy,CN=Shava Smallen,OU=IUCA-cherry.ucs.indiana.edu,OU=GLOBUS-IUCA,O=Grid CN=proxy,CN=proxy,CN=proxy,CN=Shava Smallen,OU=extreme.indiana.edu,O=Globus,O=Grid Click the button below to add another GSI proxy credential to your account:

   
   

4. The Proxy Manager automatically selects the first proxy credential to be your default proxy credential. Most portlets will use this default proxy credential when performing an action that requires authentication. You can change the default proxy credential by clicking on the 'Set as default' button next to the proxy credential of your choice. For example, if we click the 'Set as default' button next to the Globus proxy credential, the default will change from the IU proxy credential to the Globus proxy credential such as follows:

   The following GSI proxy credentials are loaded into your account: CN=proxy,CN=proxy,CN=proxy,CN=Shava Smallen,OU=IUCA-cherry.ucs.indiana.edu,OU=GLOBUS-IUCA,O=Grid (default proxy) CN=proxy,CN=proxy,CN=proxy,CN=Shava Smallen,OU=extreme.indiana.edu,O=Globus,O=Grid Click the button below to add another GSI proxy credential to your account:

   
   

Viewing a Proxy:

1. Click the 'View' button next to the proxy credential of your choice.

2. Details about the proxy will be displayed as below:

   Subject: CN=proxy,CN=proxy,CN=proxy,CN=Shava Smallen,OU=extreme.indiana.edu,O=Globus,O=Grid Issuer: CN=proxy,CN=proxy,CN=Shava Smallen,OU=extreme.indiana.edu,O=Globus,O=Grid Bits: 512 Time Left: 1 hour(s) 43 minute(s) 28 second(s) Limted: no

3. Click on the 'Click here to continue' button to return to the main screen.

Removing a Proxy:

You can explicitly remove a proxy, by clicking the 'Remove' button next to the proxy credential of your choice. You will be returned to the main screen and a message should be printed telling you the proxy credential has been destroyed. For example,

Customizing Proxy Manager:

To customize Proxy Manager (i.e., permanently change the defaults for the MyProxy server), follow these steps.

1. Click the customize button ( icon in the top right hand corner). The customize screen will show such as follows:

   Fill out the parameters below and click 'Customize' to change the default settings for your MyProxy server: Hostname: Port: Username: Lifetime:   (hours) Store for duration of user session only?

   You have the option to change hostname, port, username, proxy lifetime, and storage type.

2. Change the defaults for yourself and then click the 'Customize' button. You will be returned back to the main portlet screen and the next time you click the 'Get New Proxy' button, your new defaults will show up. Note, that Jetspeed will automatically maximize the portlet. At this time, please return the portlet to normal size in order to see the changes. Your new defaults will survive a logout and portal restart as well.