r7 - 13 Jul 2012 - 09:24:29 - JohnDeStefanoYou are here: TWiki >  Main Web > PublishingAndSecurityDetails

USATLAS TWiki Publishing and Security Details

Introduction

In response to recent vulnerability exploits and spamming attacks, the US ATLAS TWiki pages are protected by Kerberos and Shibboleth, and authorization is restricted to US ATLAS computing accounts. However, an open, publicly accessible mirror of all US ATLAS TWiki content is also provided; see Unauthenticated Mirror below.

TWiki URL

The only difference in any previous TWiki URLs is the "s" that is now added to "http" for the new, authenticated TWiki: https://www.usatlas.bnl.gov/twiki/bin/view/

Accounts

It is no longer necessary to register for a WikiName on the TWiki, or to enter your WikiName and password, once you have authenticated with the server using your US ATLAS computing account credentials.

See this page for information regarding how to obtain a US ATLAS computing account. If you have forgotten your user name or password, please open an RT ticket in the User Accounts queue and provide as much information as possible.

Logging In

Users with valid accounts can enter their US ATLAS computing account user name and password ( not a WikiName and password) to gain access to the live TWiki pages. Because this server authenticates against US ATLAS computing accounts, users who don't have such accounts will not be able to reach the TWiki site unless they register for one.

When you first try to access an authenticated US ATLAS TWiki page, you'll be prompted to choose an "Identifier", or Shibboleth authentication server. These servers are redundant and presented with their associated identifiers (primary, secondary). Any of these servers will provide the same functionality, but you may wish to choose the first option (primary).

shibboleth-usatlas-identifiers.png

After selecting an Identifier server, you will be prompted to enter a name and password: enter your US ATLAS computing account credentials. Once you have been authenticated by Shibboleth, you will be redirected back to your originally requested TWiki page.

Log-In Errors
If you enter your user name and password, click OK, and the login dialog re-appears, you've likely entered entered either an incorrect user name or password, or both. Simply re-enter your user name and password.

If you reach an "authorization failed" page, you've likely tried to log into the US ATLAS TWiki using an account other than your US ATLAS account (i.e., an account with another experiment), which may be valid but is not authorized to access the TWiki site.

If your authentication session times out, or you take too long to choose a provider or enter your user name and password, you'll either get a Shibboleth error, or you'll be brought to the root of your target site instead of the page you intended to visit. In either case, simply re-enter the URL or link and try again.

In order to attempt another login after an authentication failure, you'll need to close and re-open your browser (or use some other method of destroying the cookie that holds your Shibboleth SSO token) in order to obtain a fresh authentication cookie.

Unauthenticated Mirror

To ensure that the TWiki information is made available to anyone who might need it, all pages on this TWiki site are being converted to HTML and made available in parallel on a second server, which is not authenticated and permits common access:

http://www.usatlas.bnl.gov/twiki/bin/view/

Thus, any user who enters the URL of an old TWiki page, or follows an old bookmark or link that does not point to the authenticated TWiki server, will be brought to the HTML version of the previous page.

Note that the normal TWiki "Edit" buttons and other TWiki-related functions have been removed from the non-secure mirror and can be found only on the secure TWiki server. In order to aid the editing process, the top of each unauthenticated page includes an "Edit This Page" button, which directs requests to the edit function of its matching page on the secure TWiki server.

Public Page Publishing

According to the current publishing flow, non-secured content will be updated automatically every 15 minutes, meaning any changes saved to the TWiki will be duplicated automatically to the public mirror with 15 minutes of being saved. However, we have a mechanism by which authenticated users can publish their own TWiki updates to the public server: clicking the Publish button at the top of each topic page replicates the content immediately.

In addition, page editors can use the Publishing page to publish other topics or an entire TWiki web.

Comments and Improvements

To report problems with TWiki authentication or the publishing mechanism, to get help with special tasks, or to make suggestions for improvement, create a support ticket in the WWW queue and include as much information as possible.


Major updates:

-- JohnDeStefano - 13 Jul 2012: Publishing mechanism interval truncated from 3x/day to every 15 minutes.

-- JohnDeStefano - 02 May 2012: Changed authentication method from Webauth to Shibboleth; added details on logging in.

-- JohnDeStefano - 11 Oct 2007: Added authentication updates and log-in details.

-- JohnDeStefano - 22 Nov 2006: Added information on new Publish button.

-- JohnDeStefano - 06 Nov 2006: First major update.

About This Site

Please note that this site is a content mirror of the BNL US ATLAS TWiki. To edit the content of this page, click the Edit this page button at the top of the page and log in with your US ATLAS computing account name and password.


Attachments


png shibboleth-usatlas-identifiers.png (34.5K) | JohnDeStefano, 02 May 2012 - 09:18 | US ATLAS Shibboleth Identifiers screen
 
Powered by TWiki
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback