CILogon-enabled Applications

A CILogon-enabled Application is a program that can download a certificate from https://cilogon.org/ using an Activation Code.

To use a CILogon-enabled application:
  1. Open https://cilogon.org/?skin=code in a web browser and log on.
  2. Click the Get New Activation Code button shown at https://cilogon.org/.
  3. Highlight and copy the Activation Code (for example: acb7b5c63931067c3c6340c5b2b2e72f) displayed at https://cilogon.org/.
  4. Paste the Activation Code when prompted by the CILogon-enabled application.
The Get New Activation Code functionality is an optional capability that is enabled when you visit https://cilogon.org/?skin=code. To see all optional capabilities, visit https://cilogon.org/?skin=all. To revert to the default CILogon interface, visit https://cilogon.org/?skin=default. To request a customized "skin" for your applications, please contact us at help@cilogon.org.

Example: gridshibca-client.py

An example CILogon-enabled application is available at https://cilogon.org/gridshib-ca/gridshibca-client.py. It is a relatively simple script written in the Python language. The following command-line example demonstrates its use:
$ wget https://cilogon.org/gridshib-ca/gridshibca-client.py
$ python gridshibca-client.py
Please enter your Activation Code: <--- paste the Activation Code here
Using GridShib CA server at https://cilogon.org//gridshib-ca//GridShibCA.cgi
Generating private keys and certificate request.
Credential written to /tmp/x509up_u501
Success.

Implementation Details

CILogon-enabled applications implement the GridShib-CA Credential Retriever Protocol. An application implementing it must:
  • Generate a 2048-bit RSA private key.
  • Create a PEM-encoded PKCS10 certificate request containing the corresponding RSA public key.
  • Submit an HTTP POST request to https://cilogon.org//gridshib-ca//GridShibCA.cgi containing the certificate request and the Activation Code.
  • Read the response to the HTTP POST containing the PEM-encoded signed X.509 certificate.
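
The steps above as a Python sketch, added here as an example; it is not taken from gridshibca-client.py or from the CILogon project. It assumes the third-party `cryptography` package. The form field names and the request subject are hypothetical placeholders (the page does not give them), and the key-match check and owner-only file creation go beyond the listed steps.

```python
import os
import urllib.parse
import urllib.request

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

CA_URL = "https://cilogon.org//gridshib-ca//GridShibCA.cgi"  # as written on the page
# Hypothetical form field names: the page does not list them.
CODE_FIELD, CSR_FIELD = "activation_code", "certificate_request"


def make_request(common_name="placeholder"):
    """Generate a 2048-bit RSA key and a PEM PKCS#10 request for its public key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    csr = x509.CertificateSigningRequestBuilder().subject_name(name).sign(key, hashes.SHA256())
    return key, csr.public_bytes(serialization.Encoding.PEM)


def build_post(csr_pem, activation_code):
    """Build (not send) the POST: it carries the request and the code, never the key."""
    form = {CODE_FIELD: activation_code.strip(), CSR_FIELD: csr_pem.decode("ascii")}
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(CA_URL, data=body, method="POST")


def save_credential(path, key, response_pem):
    """Accept the returned certificate only if it is for our key, then store it 0600."""
    cert = x509.load_pem_x509_certificate(response_pem)
    if cert.public_key().public_numbers() != key.public_key().public_numbers():
        raise ValueError("returned certificate does not match the generated key")
    key_pem = key.private_bytes(serialization.Encoding.PEM,
                                serialization.PrivateFormat.TraditionalOpenSSL,
                                serialization.NoEncryption())
    # O_EXCL refuses a pre-created file or symlink at the path (relevant under /tmp);
    # the caller removes a stale credential first.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(cert.public_bytes(serialization.Encoding.PEM) + key_pem)
    return cert
```

To complete the exchange, pass the request from `build_post` to `urllib.request.urlopen` and hand the response body to `save_credential`.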