Attention
The DEEP platform is sunsetting.
The DEEP-Hybrid-DataCloud project project has ended and its plaftform and software are being decomissioned during 2023, as they have been superseeded by the AI4EOSC platform and the AI4OS software stack.
Please refer to the following links for further information:
Configure oidc-agent
oidc-agent is a tool to manage OpenID Connect tokens and make them easily usable from the command line.
Requirements
having a DEEP IAM account
having the oidc-agent installed (follow the official installation guide).
Start oidc-agent:
$ eval $(oidc-agent)
$ oidc-gen
You will be asked for the name of the account to configure. Let’s call it deep-iam. After that you will be asked for the additional client-name-identifier, you should choose the option:
[2] https://iam.deep-hybrid-datacloud.eu/
Then just click Enter
to accept the default values for Space delimited list of scopes [openid profile offline_access]
.
After that, if everything has worked properly, you should see the following messages:
Registering Client ...
Generating account configuration ...
accepted
At this point you will be given a URL. You should visit it in the browser of your choice in order to continue and approve the registered client. For this you will have to login into your DEEP-IAM account and accept the permissions you are asked for.
Once you have done this you will see the following message:
The generated account config was successfully added to oidc-agent. You don't have to run oidc-add
Next time you want to start oidc-agent from scratch, you will only have to do:
$ eval $(oidc-agent)
oidc-add deep-iam
Enter encryption password for account config deep-iam: ********
success
You can print the token:
$ oidc-token deep-iam
Usage with orchent
You should set OIDC_SOCK (this is not needed, if you did it before):
$ eval $(oidc-agent)
$ oidc-add deep-iam
Set the agent account to be used with orchent and the ORCHENT_URL:
$ export ORCHENT_AGENT_ACCOUNT=deep-iam
$ export ORCHENT_URL="https://paas.cloud.cnaf.infn.it/orchestrator"