condor_test_token

Create a short-lived SciToken to authenticate with local HTCondor daemons

Synopsis

condor_test_token [–help]

condor_test_token –issuer issuer-url –scope scopes [–subject subject] [–lifetime lifetime] [–audience audience] [–cache cache-location]

Description

condor_test_token generates a temporary signing key, adds it to the local SciTokens cache for the given issuer, creates a short-lived token signed by the key, and prints the token to stdout. Local HTCondor daemons will treat this token like any reguluar token generated by the given issuer for a short period of time (one hour).

If the HTCondor daemons were started as root, then the tool must be run as the condor user.

Options

–help

Display usage information

–issuer issuer-url

Specify the issuer to impersonate

–scope scopes

Specify the scope claim for the token

–subject subject

specify the sub claim for the token (default is no sub claim)

–lifetime lifetime

Specify the lifetime of the token in seconds (default 1 hour)

–audience audience

Specify the aud claim for the token (default is no aud claim)

–cache cache-location

Specify the SciTokens cache location (default is to find cache via HTCondor configuration files)

Examples

To create a SciToken with WRITE-level access for user Alice that appears to be issued by the SciTokens demo issuer:

$ condor_test_token --issuer https://demo.scitokens.org \
    --scope condor:/WRITE --sub alice@foo.org --aud ANY

Exit Status

condor_test_token will exit with a status value of 0 (zero) upon success, and it will exit with the value 1 (one) upon failure.