GridCertLib: a Single Sign-on Solution for Grid Web Applications and Portals

TL;DR

GridCertLib is a Java library that simplifies secure access to grid resources by integrating Shibboleth authentication with X.509 certificates and proxies, enabling seamless web application login and resource access.

Contribution

It introduces a novel Java library that automates obtaining X.509 certificates and proxies using Shibboleth and SLCS, enhancing security and usability in web portals.

Findings

Successful integration with Bioinformatics portals

Automated certificate and proxy generation improves user experience

Practical deployment demonstrates effectiveness

Abstract

This paper describes the design and implementation of GridCertLib, a Java library leveraging a Shibboleth-based authentication infrastructure and the SLCS online certificate signing service, to provide short-lived X.509 certificates and Grid proxies. The main use case envisioned for GridCertLib, is to provide seamless and secure access to Grid/X.509 certificates and proxies in web applications and portals: when a user logs in to the portal using Shibboleth authentication, GridCertLib can automatically obtain a Grid/X.509 certificate from the SLCS service and generate a VOMS proxy from it. We give an overview of the architecture of GridCertLib and briefly describe its programming model. Its application to some deployment scenarios is outlined, as well as a report on practical experience integrating GridCertLib into portals for Bioinformatics and Computational Chemistry applications, based on the popular P-GRADE and Django softwares.