USATLAS TWiki Publishing and Security Details
In response to recent vulnerability exploits and spamming attacks, the US ATLAS TWiki pages are protected by Kerberos and Shibboleth, and authorization is restricted to US ATLAS computing accounts. However, an open, publicly accessible mirror of all US ATLAS TWiki content is also provided; see Unauthenticated Mirror below.
The only difference in any previous TWiki URLs is the "s" that is now added to "http" for the new, authenticated TWiki: https://www.usatlas.bnl.gov/twiki/bin/view/
It is no longer necessary to register for a WikiName on the TWiki, or to enter your WikiName and password, once you have authenticated with the server using your US ATLAS computing account credentials.
See this page
for information regarding how to obtain a US ATLAS computing account. If you have forgotten your user name or password, please open an RT ticket
in the User Accounts
queue and provide as much information as possible.
Users with valid accounts can enter their US ATLAS computing account user name and password ( not
a WikiName and password) to gain access to the live TWiki pages. Because this server authenticates against US ATLAS computing accounts, users who don't have such accounts will not be able to reach the TWiki site unless they register for one.
When you first try to access an authenticated US ATLAS TWiki page, you'll be prompted to choose an "Identifier", or Shibboleth authentication server. These servers are redundant and presented with their associated identifiers (primary, secondary). Any of these servers will provide the same functionality, but you may wish to choose the first option (primary).
After selecting an Identifier server, you will be prompted to enter a name and password: enter your US ATLAS computing account credentials. Once you have been authenticated by Shibboleth, you will be redirected back to your originally requested TWiki page.
If you enter your user name and password, click OK, and the login dialog re-appears, you've likely entered entered either an incorrect user name or password, or both. Simply re-enter your user name and password.
If you reach an "authorization failed" page, you've likely tried to log into the US ATLAS TWiki using an account other than your US ATLAS account (i.e., an account with another experiment), which may be valid but is not authorized to access the TWiki site.
If your authentication session times out, or you take too long to choose a provider or enter your user name and password, you'll either get a Shibboleth error, or you'll be brought to the root of your target site instead of the page you intended to visit. In either case, simply re-enter the URL or link and try again.
In order to attempt another login after an authentication failure, you'll need to close and re-open your browser (or use some other method of destroying the cookie that holds your Shibboleth SSO token) in order to obtain a fresh authentication cookie.
To ensure that the TWiki information is made available to anyone who might need it, all pages on this TWiki site are being converted to HTML and made available in parallel on a second server, which is not authenticated and permits common access:
Thus, any user who enters the URL of an old TWiki page, or follows an old bookmark or link that does not point to the authenticated TWiki server, will be brought to the HTML version of the previous page.
Note that the normal TWiki "Edit" buttons and other TWiki-related functions have been removed from the non-secure mirror and can be found only on the secure TWiki server. In order to aid the editing process, the top of each unauthenticated page includes an "Edit This Page" button, which directs requests to the edit function of its matching page on the secure TWiki server.
Public Page Publishing
According to the current publishing flow, non-secured content will be updated automatically every 15 minutes, meaning any changes saved to the TWiki will be duplicated automatically to the public mirror with 15 minutes of being saved. However, we have a mechanism by which authenticated users can publish their own TWiki updates to the public server: clicking the Publish
button at the top of each topic page replicates the content immediately.
In addition, page editors can use the Publishing
page to publish other topics or an entire TWiki web.
Comments and Improvements
To report problems with TWiki authentication or the publishing mechanism, to get help with special tasks, or to make suggestions for improvement, create a support ticket
in the WWW
queue and include as much information as possible.
- 13 Jul 2012: Publishing mechanism interval truncated from 3x/day to every 15 minutes.
- 02 May 2012: Changed authentication method from Webauth to Shibboleth; added details on logging in.
- 11 Oct 2007: Added authentication updates and log-in details.
- 22 Nov 2006: Added information on new Publish button.
- 06 Nov 2006: First major update.