condor_test_token
Create a short-lived SciToken to authenticate with local HTCondor daemons
Synopsis
condor_test_token [–help]
condor_test_token –issuer issuer-url –scope scopes [–subject subject] [–lifetime lifetime] [–audience audience] [–cache cache-location]
Description
condor_test_token generates a temporary signing key, adds it to the local SciTokens cache for the given issuer, creates a short-lived token signed by the key, and prints the token to stdout. Local HTCondor daemons will treat this token like any reguluar token generated by the given issuer for a short period of time (one hour).
If the HTCondor daemons were started as root, then the tool must be run as the condor user.
Options
- –help
Display usage information
- –issuer issuer-url
Specify the issuer to impersonate
- –scope scopes
Specify the scope claim for the token
- –subject subject
specify the sub claim for the token (default is no sub claim)
- –lifetime lifetime
Specify the lifetime of the token in seconds (default 1 hour)
- –audience audience
Specify the aud claim for the token (default is no aud claim)
- –cache cache-location
Specify the SciTokens cache location (default is to find cache via HTCondor configuration files)
Examples
To create a SciToken with WRITE-level access for user Alice that appears to be issued by the SciTokens demo issuer:
$ condor_test_token --issuer https://demo.scitokens.org \
--scope condor:/WRITE --sub alice@foo.org --aud ANY
Exit Status
condor_test_token will exit with a status value of 0 (zero) upon success, and it will exit with the value 1 (one) upon failure.