VOMS Admin server v. 3.4.0

This release fixes several problems and introduces requested new features in VOMS Admin server. The list of bug fixes is given in full below. Here the main new features will be described

Java 8

VOMS Admin server now requires Java 8.

AUP signature reminders

It is now possible to configure VOMS Admin to send multiple reminders to remind users of AUP signature requests.

The voms.aup.sign_aup_task_reminders option in the /etc/<vo>/service.properties configuration file accepts a comma separated list of values as in:

voms.aup.sign_aup_task_reminders = 14,7,1

With the settings above, VOMS Admin would send three reminders to a user that is requested to sign the AUP: 14,7 and 1 day before the grace period expiration. These reminders are sent in addition to the email notification that is sent by VOMS Admin when the AUP signature expires.

The grace period duration is configured as before with the voms.aup.sign_aup_task_lifetime option. For example:

voms.aup.sign_aup_task_lifetime = 30

configures a grace period of 30 days.

Improved user requests handling

The handle user request home page has been redesigned to support multiple request handling with a single click and improved readability.

VOMS Admin audit log

VOMS Admin now keeps an audit log in the database of all the relevant management actions performed on the VOMS database by administrators and by the system itself.

The audit log can be queried from the audit log page, which replaces the former request log page.

VOMS links to CERN HR DB via the HR db user id field

VOMS now links membership to data in the CERN HR database using the user HR user id field (which cannot be changed by users) instead of the user email addresses.

The HR id used for a given VOMS user can be changed by VO administrators. This change does not affect the current registration flow.

Authentication info page

VOMS Admin now has a page that can be used to display information about the certificate used when connecting to the service. The page will tell:

• if the user is authenticated (i.e. has provided a valid and trusted certificate)
• if the user certificate grants administrator permissions for the VO
• if there’s a VO membership linked to the certificate

Group manager role

It is now possible to leverage VOMS roles to group together group managers, i.e. administrators that have the right to approve group membership requests and role assignment requests that are specific for a VO group.

Bug fixes

• VOMS-658 : List users should return all certificates for registered VO members
• VOMS-657 : Form validation for the Institute field should be disabled when HR DB integration is on
• VOMS-656 : Suspended users end up in Gridmap files
• VOMS-645 : Force users to include a textual motivation for group and role requests
• VOMS-641 : VO members whose AUP has expired but are not notified
• VOMS-640 : VOMS Admin sessions expire in two minutes
• VOMS-636 : VOMS admin change reacceptance period should be protected by a confirmation dialog
• VOMS-631 : VOMS Admin RPM should depend on Java 8
• VOMS-629 : Improve VOMS Admin request certificate page
• VOMS-628 : VOMS Admin pending request page should provide easy access to requestor email address
• VOMS-625 : Cumulative permissions do not grant all intended privileges
• VOMS-524 : Include Orgdb configuration documentation in VOMS administrator guide

New features and improvements

• VOMS-675 : Provide a VO member targeted VOMS Admin guide
• VOMS-655 : Group-Manager role to grant group membership request rights
• VOMS-654 : VOMS should provide a page that displays detailed information about the certificate used to connect to the service
• VOMS-650 : VOMS should leverage HR member id instead of primary email for linking VOMS and HR membership
• VOMS-649 : Add ability to edit group description
• VOMS-635 : VOMS triggerReacceptance confirm dialog should shield from user mistakes
• VOMS-634 : VOMS Admin handle request page should show only requests that can be handled by an administrator
• VOMS-633 : Add ability to handle multiple requests page from VOMS Admin "Handle requests" page
• VOMS-129 : VOMS admin provides configurable notification interval for Sign AUP messages

Installation and configuration

Upgrade from VOMS Admin Server >= 3.2.0

A database upgrade and a reconfiguration (in this order) are required to upgrade to VOMS Admin server 3.4.0.

Upgrade from earlier VOMS Admin Server versions

First upgrade to VOMS Admin version 3.2.0 and then to 3.4.0.

Clean install

Follow the instructions in the VOMS System Administrator Guide.