Feature #17583

Remote controller forwards trusted client aware calls on a federated scenario

Added by Lucas Di Pentima 5 months ago. Updated 3 days ago.

Status:
New
Priority:
Normal
Assigned To:
Category:
API
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
(Total: 0.00 h)
Story points:
-

Description

When a client makes for example a token list request to a remote controller using a federated token, the remote controller responds with a "Forbidden: this API client cannot manipulate other clients' access tokens." error message.

This most probably be due to the fact that federated tokens are cached on the remote controller's database but not linked to a trusted client.

The right solution would probably be to make controller forward those requests to the token issuing cluster so that from the client's perspective the operation is transparent.


Subtasks

Task #17872: ReviewNewLucas Di Pentima

Task #17910: investigateNewPeter Amstutz


Related issues

Related to Arvados - Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression)In Progress

History

#1 Updated by Ward Vandewege 2 months ago

  • Related to Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression) added

#2 Updated by Peter Amstutz 2 months ago

  • Target version changed from To Be Groomed to 2021-07-21 sprint

#3 Updated by Peter Amstutz 2 months ago

  • Assigned To set to Peter Amstutz

#4 Updated by Peter Amstutz about 2 months ago

  • Target version changed from 2021-07-21 sprint to 2021-08-04 sprint

#5 Updated by Peter Amstutz about 2 months ago

  • Target version changed from 2021-08-04 sprint to 2021-08-18 sprint

#6 Updated by Peter Amstutz about 2 months ago

  • Target version changed from 2021-08-18 sprint to 2021-09-01 sprint

#7 Updated by Peter Amstutz about 1 month ago

  • Target version changed from 2021-09-01 sprint to 2021-09-15 sprint

#8 Updated by Peter Amstutz 17 days ago

  • Assigned To deleted (Peter Amstutz)

#9 Updated by Peter Amstutz 17 days ago

  • Assigned To set to Lucas Di Pentima

#10 Updated by Lucas Di Pentima 3 days ago

  • Target version changed from 2021-09-15 sprint to 2021-09-29 sprint

Also available in: Atom PDF