Skip to content

Register a VO

Prerequisites

  • You have access to your DiracX instance URL.
  • It is better to have admin rights on the VO’s IdP instance (e.g. Indigo IAM).

Manage Users

1. Generate an OIDC client

  1. Log in to your VO’s IdP instance.
  2. Create a new OIDC client with:
  3. Client secret: none
  4. Redirect URIs: 
    https://<your‑diracx‑url>/api/auth/authorize/complete
  5. Grant type: authorization_code
  6. Scope: at minimum openid, profile and email

2. Configure DiracX

  1. In your DIRAC CS, add under DiracX > CsSync > VOs > <VO> > IdP:
DiracX
{
  CsSync
  {
    VOs
    {
      <VO>
      {
        IdP
        {
          ClientID = "<OIDC‑client‑ID>"
          URL = "https://<your‑idp‑instance>/"
        }
      }
    }
  }
}
  1. To add specific users, list their subject‑IDs under UserSubjects:
DiracX
{
  CsSync
  {
    VOs
    {
      <VO>
      {
        UserSubjects
        {
          <username from dirac> = <user id from the IdP instance>
          ...
        }
      }
    }
  }
}

!!! note

 User IDs are associated to the usernames that are defined in the `Registry > Users` section. This allows DiracX to retrieve the groups they belong to and their properties.

After saving, you should sync the configuration with DiracX. Dirac Groups and properties should then be associated to users defined in the DiracX section. See Convert CS for next steps.

Interact with Computing Elements

Client configuration is still managed through the DIRAC configuration so far. See Submitting pilots to CEs using tokens for further details.

Interact with Storage Elements

TODO