Authentication and login
Until now, we only connected the ICAT server to query its version.
This doesn’t require a login to the server and hence the flag
needlogin=False
in the constructor call of
icat.config.Config
in our example program. If we leave this
flag out, we get a bunch of new configuration variables. Consider the
following example program:
#! /usr/bin/python
import icat
import icat.config
config = icat.config.Config(ids="optional")
client, conf = config.getconfig()
client.login(conf.auth, conf.credentials)
print("Login to %s was successful." % (conf.url))
print("User: %s" % (client.getUserName()))
Let’s check the available command line options now:
$ python login.py -h
usage: login.py [-h] [-c CONFIGFILE] [-s SECTION] [-w URL] [--idsurl IDSURL]
[--no-check-certificate] [--http-proxy HTTP_PROXY]
[--https-proxy HTTPS_PROXY] [--no-proxy NO_PROXY] [-a AUTH]
[-u USERNAME] [-P] [-p PASSWORD]
optional arguments:
-h, --help show this help message and exit
-c CONFIGFILE, --configfile CONFIGFILE
config file
-s SECTION, --configsection SECTION
section in the config file
-w URL, --url URL URL to the web service description
--idsurl IDSURL URL to the ICAT Data Service
--no-check-certificate
don't verify the server certificate
--http-proxy HTTP_PROXY
proxy to use for http requests
--https-proxy HTTPS_PROXY
proxy to use for https requests
--no-proxy NO_PROXY list of exclusions for proxy use
-a AUTH, --auth AUTH authentication plugin
-u USERNAME, --user USERNAME
username
-P, --prompt-pass prompt for the password
-p PASSWORD, --pass PASSWORD
password
Now call this program indicating the name of the authentication plugin and a user name:
$ python login.py -s myicat -a db -u jdoe
Password:
Login to https://icat.example.com:8181 was successful.
User: db/jdoe
Note that the program prompted us for a password, since we didn’t provide one. Of course you need to specify an authentication plugin, user name, and password that is actually configured in your ICAT. Furthermore, the user name printed by the program may be different from the one indicated in the command line. This depends on the configuration of the authentication plugin in your ICAT. It is common praxis to prefix the user name with the name of the authentication plugin as shown in this example.
Note
For this tutorial we assume that the root user in the ICAT server has the user name root and is configured in the simple authenticator and that there are two users with name jdoe and nbour configured in the db authenticator. If this is not the case in your ICAT, you’ll need to adapt the examples accordingly.
All configuration variables aside from configFile and
configSection can be set in the configuration file. Edit your
icat.cfg
file to read:
[myicat_jdoe]
url = https://icat.example.com:8181
auth = db
username = jdoe
password = secret
idsurl = https://icat.example.com:8181
# uncomment, if your server does not have a trusted certificate
#checkCert = No
You should protect this file from unauthorized read access if you store passwords in it. Now you can do:
$ python login.py -s myicat_jdoe
Login to https://icat.example.com:8181 was successful.
User: db/jdoe
Command line options override the settings in the configuration file. This way, you can still log in as another user not configured in the file:
$ python login.py -s myicat_jdoe -u nbour
Password:
Login to https://icat.example.com:8181 was successful.
User: db/nbour
You might have noticed that the program again prompted us for a
password even though there is one set in the config file. The
icat.config
module is smart enough to assume that if we
overrode the user name on the command line, the password in the config
file will likely not be valid for that user.
Configuration files can have many sections. It may come handy to be
able to quickly switch between different users to log into the ICAT.
Edit icat.cfg
again to read as follows:
[myicat_root]
url = https://icat.example.com:8181
auth = simple
username = root
password = secret
idsurl = https://icat.example.com:8181
# uncomment, if your server does not have a trusted certificate
#checkCert = No
[myicat_jdoe]
url = https://icat.example.com:8181
auth = db
username = jdoe
password = secret
idsurl = https://icat.example.com:8181
#checkCert = No
[myicat_nbour]
url = https://icat.example.com:8181
auth = db
username = nbour
password = secret
idsurl = https://icat.example.com:8181
#checkCert = No
We shall use some of this configuration in the following sections of the tutorial. Do not forget to adapt the URLs, the authenticator names, and the passwords to what is configured in your ICAT.