ClientAccessToESGFOPeNDAPServers
| Wiki Reorganisation |
|---|
| This page has been classified for reorganisation. It has been given the category REVISE. |
| This page contains useful content but needs revision. It may contain out of date or inaccurate content. |
First compile your client with the appropriate OPeNDAP netCDF client libraries as described here. (N.B. this the BADC Wiki point so the Beta release, but you should use the official release ).
Then to access the protected servers you must collect the necessary certificates and keys. Phil Kershaw provided the following explanation for what needs to be done and the steps needed to accomplish the task.
For ESG, each Gateway including PCMDI has its own MyProxy server. You logon with a client program using the same username/password as for your OpenID. It sets up a temporary certificate and key on your desktop machine. These are stored together in a single PEM format file. In the above, it's 'creds.pem' but the standard location ESG uses is, $HOME/.esg/credentials.pem.
In the same way that your browser keeps a list of trusted CA certificates, your netCDF client needs such a list so that it correctly verify the identity of the server it queries. When you run MyProxy logon it can be called to download this list into a directory. You then point the remaining CURL option at this directory. Also note that if you are having trouble you will want to turn on the verbose debugging output by setting the CURL.VERBOSE=1. This output will be very helpful in determing why it's not working.
So the .dodsrc file in your home directory the entries would look something like this:
CURL.VERBOSE=1
CURL.COOKIEJAR=.dods_cookies
CURL.SSL.VALIDATE=1
CURL.SSL.CERTIFICATE=/home/rhs/.esg/credentials.pem
CURL.SSL.KEY=/home/rhs/.esg/credentials.pem
CURL.SSL.CAPATH=/home/rhs/.esg/certificates
-
Use the MyProxyLogon Java WebStart application that is available from the ESGF Web Front end. (see the link in the image below).
-
Python client . Follow the installation instructions and then use the console script .
Get the client running by clicking the "MyProxyLogon" link on the web front end in the "Quick Links" section on the right of the page.
After the WebStart link has triggered the download of the jar and you have accepted any security warning to trust the application and run it, you will see a login screen like this:
N.B. All of the details about your OpenID can be found on the DKRZ help page . In particular there is a table at the bottom in the Troubleshooting MyProxy section that spells it our for each MyProxy provider. I reproduced the PCMDI 9 entry here. N.B. When entering the hostname into the MyProxy client, just use the hostname not the https:// part.
OpenID
MyProxy Hostname
MyProxy User Name
https://pcmdi9.llnl.gov/esgf-idp/openid/USERNAME|esgf-idp|openid|USERNAME
pcmdi9.llnl.gov
USERNAME
Once you have completed the step above you can sanity check the certificate you produced for yourself with the following command:
openssl x509 -noout -in /home/rhs/.esg/credentials.pem -text
Pay particular attention to the values of the time range when the certificat is valid:
Validity
Not Before: Dec 16 16:06:06 2010 GMT
Not After : Dec 17 04:11:06 2010 GMT
When the certificate expires, you will have to renew it by repeating the MyProxy logon using your client of choice.
N.B. to get access to the most interesting data you need to belong to the CMIP5 Research group. Registration is automatic after accept the terms of service. The only way I could figure out how to get into that group was to attempt to download a data file and then the browser got redirected to a page where I could join the group.
Now that you have the certificates and key ready to go you can start using Ferret to acess data behind the various servers protectetd by ESGF Authentication and Authorization filters. For example:
rhs@gazelle:~$ ferret
NOAA/PMEL TMAP
FERRET v6.72
Linux 2.6.32-131.12.1.el6.x86_64 64-bit - 09/13/11
18-Jan-12 15:30
yes? use "http://pcmdi9.llnl.gov/thredds/dodsC/cmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation"
* About to connect() to pcmdi9.llnl.gov port 80 (#0)
* Trying 198.128.245.159... * connected
* Connected to pcmdi9.llnl.gov (198.128.245.159) port 80 (#0)
> GET /thredds/dodsC/cmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.dds HTTP/1.1
User-Agent: libcurl-agent/1.0
Host: pcmdi9.llnl.gov
Accept: */*
< HTTP/1.1 302 Moved Temporarily
< Server: Apache-Coyote/1.1
* Added cookie JSESSIONID="57A4A150A5D51C295C3DA49AAE39B283" for domain pcmdi9.llnl.gov, path /thredds, expire 0
< Set-Cookie: JSESSIONID=57A4A150A5D51C295C3DA49AAE39B283; Path=/thredds
< Location: https://pcmdi9.llnl.gov/OpenidRelyingParty/home.htm?redirect=http%3A%2F%2Fpcmdi9.llnl.gov%2Fthredds%2FdodsC%2Fcmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.dds
< Content-Length: 0
< Date: Wed, 18 Jan 2012 21:30:32 GMT
<
* Connection #0 to host pcmdi9.llnl.gov left intact
* Issue another request to this URL: 'https://pcmdi9.llnl.gov/OpenidRelyingParty/home.htm?redirect=http%3A%2F%2Fpcmdi9.llnl.gov%2Fthredds%2FdodsC%2Fcmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.dds'
* About to connect() to pcmdi9.llnl.gov port 443 (#1)
* Trying 198.128.245.159... * connected
* Connected to pcmdi9.llnl.gov (198.128.245.159) port 443 (#1)
* successfully set certificate verify locations:
* CAfile: none
CApath: /home/rhs/.esg/certificates
* SSL connection using DES-CBC3-SHA
* Server certificate:
* subject: O=ESGF; OU=ESGF.ORG; CN=pcmdi9.llnl.gov
* start date: 2011-09-27 03:32:10 GMT
* expire date: 2012-09-26 03:32:10 GMT
* common name: pcmdi9.llnl.gov (matched)
* issuer: O=Grid; OU=GlobusTest; OU=simpleCA-pcmdi6.llnl.gov; CN=Globus Simple CA
* SSL certificate verify ok.
> GET /OpenidRelyingParty/home.htm?redirect=http%3A%2F%2Fpcmdi9.llnl.gov%2Fthredds%2FdodsC%2Fcmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.dds HTTP/1.1
User-Agent: libcurl-agent/1.0
Host: pcmdi9.llnl.gov
Accept: */*
< HTTP/1.1 302 Moved Temporarily
< Server: Apache-Coyote/1.1
* Added cookie JSESSIONID="B58884E9C5AC4BD2ED81A73EAC875E22" for domain pcmdi9.llnl.gov, path /OpenidRelyingParty, expire 0
< Set-Cookie: JSESSIONID=B58884E9C5AC4BD2ED81A73EAC875E22; Path=/OpenidRelyingParty; Secure
* Added cookie esg.openid.saml.cookie="%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%3Csaml2%3AAssertion+xmlns%3Asaml2%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22+ID%3D%22e802682d-3550-472e-9cef-85e89ea2af71%22+IssueInstant%3D%222012-01-18T21%3A30%3A33.337Z%22+Version%3D%222.0%22%3E%3Csaml2%3AIssuer+Format%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.1%3Anameid-format%3AX509SubjectName%22%3ECN%3Dpcmdi9.llnl.gov%2C+OU%3DESGF.ORG%2C+O%3DESGF%3C%2Fsaml2%3AIssuer%3E%3Cds%3ASignature+xmlns%3Ads%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%0A%3Cds%3ASignedInfo%3E%0A%3Cds%3ACanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%0A%3Cds%3ASignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%2F%3E%0A%3Cds%3AReference+URI%3D%22%23e802682d-3550-472e-9cef-85e89ea2af71%22%3E%0A%3Cds%3ATransforms%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%2F%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3Cec%3AInclusiveNamespaces+xmlns%3Aec%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22+PrefixList%3D%22ds+saml2%22%2F%3E%3C%2Fds%3ATransform%3E%0A%3C%2Fds%3ATransforms%3E%0A%3Cds%3ADigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%2F%3E%0A%3Cds%3ADigestValue%3EvFd6I%2BsZ1vG5j2JYgnUz6nCUBko%3D%3C%2Fds%3ADigestValue%3E%0A%3C%2Fds%3AReference%3E%0A%3C%2Fds%3ASignedInfo%3E%0A%3Cds%3ASignatureValue%3E%0AXLFwNJpBDfzjP2%2FV5ugDNqWhvW4xBF6T8oMKmYihqB3TiNkjxPhPFtN3TD7Hvupw5zTw%2FiwVYoZT%0ATVVpdqRMP%2Fg50p2Q7uIP%2BKZ1QTr5PRG4a5%2FgrZl12lXRoDHqh9ym%2FKZ%2F4Ny1QQvZ4e5zuSZwLyPR%0AQsju3lJ%2B2%2F5pJbr9h80%3D%0A%3C%2Fds%3ASignatureValue%3E%0A%3C%2Fds%3ASignature%3E%3Csaml2%3ASubject%3E%3Csaml2%3ANameID+Format%3D%22urn%3Aesg%3Aopenid%22%3Ehttps%3A%2F%2Fpcmdi9.llnl.gov%2Fesgf-idp%2Fopenid%2Frolands%3C%2Fsaml2%3ANameID%3E%3C%2Fsaml2%3ASubject%3E%3Csaml2%3AConditions+NotBefore%3D%2220< Set-Cookie: esg.openid.saml.cookie=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%3Csaml2%3AAssertion+xmlns%3Asaml2%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22+ID%3D%22e802682d-3550-472e-9cef-85e89ea2af71%22+IssueInstant%3D%222012-01-18T21%3A30%3A33.337Z%22+Version%3D%222.0%22%3E%3Csaml2%3AIssuer+Format%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.1%3Anameid-format%3AX509SubjectName%22%3ECN%3Dpcmdi9.llnl.gov%2C+OU%3DESGF.ORG%2C+O%3DESGF%3C%2Fsaml2%3AIssuer%3E%3Cds%3ASignature+xmlns%3Ads%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%0A%3Cds%3ASignedInfo%3E%0A%3Cds%3ACanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%0A%3Cds%3ASignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%2F%3E%0A%3Cds%3AReference+URI%3D%22%23e802682d-3550-472e-9cef-85e89ea2af71%22%3E%0A%3Cds%3ATransforms%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%2F%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3Cec%3AInclusiveNamespaces+xmlns%3Aec%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22+PrefixList%3D%22ds+saml2%22%2F%3E%3C%2Fds%3ATransform%3E%0A%3C%2Fds%3ATransforms%3E%0A%3Cds%3ADigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%2F%3E%0A%3Cds%3ADigestValue%3EvFd6I%2BsZ1vG5j2JYgnUz6nCUBko%3D%3C%2Fds%3ADigestValue%3E%0A%3C%2Fds%3AReference%3E%0A%3C%2Fds%3ASignedInfo%3E%0A%3Cds%3ASignatureValue%3E%0AXLFwNJpBDfzjP2%2FV5ugDNqWhvW4xBF6T8oMKmYihqB3TiNkjxPhPFtN3TD7Hvupw5zTw%2FiwVYoZT%0ATVVpdqRMP%2Fg50p2Q7uIP%2BKZ1QTr5PRG4a5%2FgrZl12lXRoDHqh9ym%2FKZ%2F4Ny1QQvZ4e5zuSZwLyPR%0AQsju3lJ%2B2%2F5pJbr9h80%3D%0A%3C%2Fds%3ASignatureValue%3E%0A%3C%2Fds%3ASignature%3E%3Csaml2%3ASubject%3E%3Csaml2%3ANameID+Format%3D%22urn%3Aesg%3Aopenid%22%3Ehttps%3A%2F%2Fpcmdi9.llnl.gov%2Fesgf-idp%2Fopenid%2Frolands%3C%2Fsaml2%3ANameID%3E%3C%2Fsaml2%3ASubject%3E%3Csaml2%3AConditions+NotBefore%3D%222012-01-18T21%3A30%3A33.337Z%22+NotOnOrAfter%3D%222012-01-19T21%3A30%3A33.337Z%22%2F%3E%3Csaml2%3AAuthnStatement+AuthnInstant%3D%222012-01-18T21%3A30%3A33.337Z%22%3E%3Csaml2%3AAuthnContext%3E%3Csaml2%3AAuthnContextClassRef%3Eurn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3AX509%3C%2Fsaml2%3AAuthnContextClassRef%3E%3C%2Fsaml2%3AAuthnContext%3E%3C%2Fsaml2%3AAuthnStatement%3E%3C%2Fsaml2%3AAssertion%3E; Domain=pcmdi9.llnl.gov; Path=/
< Location: http://pcmdi9.llnl.gov/thredds/dodsC/cmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.dds
< Content-Length: 0
< Date: Wed, 18 Jan 2012 21:30:32 GMT
<
* Connection #1 to host pcmdi9.llnl.gov left intact
* Issue another request to this URL: 'http://pcmdi9.llnl.gov/thredds/dodsC/cmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.dds'
* Re-using existing connection! (#0) with host pcmdi9.llnl.gov
* Connected to pcmdi9.llnl.gov (198.128.245.159) port 80 (#0)
> GET /thredds/dodsC/cmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.dds HTTP/1.1
User-Agent: libcurl-agent/1.0
Host: pcmdi9.llnl.gov
Accept: */*
Cookie: JSESSIONID=57A4A150A5D51C295C3DA49AAE39B283; esg.openid.saml.cookie=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%3Csaml2%3AAssertion+xmlns%3Asaml2%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22+ID%3D%22e802682d-3550-472e-9cef-85e89ea2af71%22+IssueInstant%3D%222012-01-18T21%3A30%3A33.337Z%22+Version%3D%222.0%22%3E%3Csaml2%3AIssuer+Format%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.1%3Anameid-format%3AX509SubjectName%22%3ECN%3Dpcmdi9.llnl.gov%2C+OU%3DESGF.ORG%2C+O%3DESGF%3C%2Fsaml2%3AIssuer%3E%3Cds%3ASignature+xmlns%3Ads%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%0A%3Cds%3ASignedInfo%3E%0A%3Cds%3ACanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%0A%3Cds%3ASignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%2F%3E%0A%3Cds%3AReference+URI%3D%22%23e802682d-3550-472e-9cef-85e89ea2af71%22%3E%0A%3Cds%3ATransforms%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%2F%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3Cec%3AInclusiveNamespaces+xmlns%3Aec%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22+PrefixList%3D%22ds+saml2%22%2F%3E%3C%2Fds%3ATransform%3E%0A%3C%2Fds%3ATransforms%3E%0A%3Cds%3ADigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%2F%3E%0A%3Cds%3ADigestValue%3EvFd6I%2BsZ1vG5j2JYgnUz6nCUBko%3D%3C%2Fds%3ADigestValue%3E%0A%3C%2Fds%3AReference%3E%0A%3C%2Fds%3ASignedInfo%3E%0A%3Cds%3ASignatureValue%3E%0AXLFwNJpBDfzjP2%2FV5ugDNqWhvW4xBF6T8oMKmYihqB3TiNkjxPhPFtN3TD7Hvupw5zTw%2FiwVYoZT%0ATVVpdqRMP%2Fg50p2Q7uIP%2BKZ1QTr5PRG4a5%2FgrZl12lXRoDHqh9ym%2FKZ%2F4Ny1QQvZ4e5zuSZwLyPR%0AQsju3lJ%2B2%2F5pJbr9h80%3D%0A%3C%2Fds%3ASignatureValue%3E%0A%3C%2Fds%3ASignature%3E%3Csaml2%3ASubject%3E%3Csaml2%3ANameID+Format%3D%22urn%3Aesg%3Aopenid%22%3Ehttps%3A%2F%2Fpcmdi9.llnl.gov%2Fesgf-idp%2Fopenid%2Frolands%3C%2Fsaml2%3ANameID%3E%3C%2Fsaml2%3ASubject%3E%3Csaml2%3AConditions+NotBefore%3D%222012-01-18T21%3A30%3A33.337Z%22+NotOnOrAfter%3D%222012-01-19T21%3A30%3A33.337Z%22%2F%3E%3Csaml2%3AAuthnStatement+AuthnInstant%3D%222012-01-18T21%3A30%3A33.337Z%22%3E%3Csaml2%3AAuthnContext%3E%3Csaml2%3AAuthnContextClassRef%3Eurn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3AX509%3C%2Fsaml2%3AAuthnContextClassRef%3E%3C%2Fsaml2%3AAuthnContext%3E%3C%2Fsaml2%3AAuthnStatement%3E%3C%2Fsaml2%3AAssertion%3E
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< XDODS-Server: opendap/3.7
< Content-Description: dods-dds
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Date: Wed, 18 Jan 2012 21:30:33 GMT
<
* Connection #0 to host pcmdi9.llnl.gov left intact
* Re-using existing connection! (#0) with host pcmdi9.llnl.gov
* Connected to pcmdi9.llnl.gov (198.128.245.159) port 80 (#0)
> GET /thredds/dodsC/cmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.das HTTP/1.1
User-Agent: libcurl-agent/1.0
Host: pcmdi9.llnl.gov
Accept: */*
Cookie: JSESSIONID=57A4A150A5D51C295C3DA49AAE39B283; esg.openid.saml.cookie=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%3Csaml2%3AAssertion+xmlns%3Asaml2%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22+ID%3D%22e802682d-3550-472e-9cef-85e89ea2af71%22+IssueInstant%3D%222012-01-18T21%3A30%3A33.337Z%22+Version%3D%222.0%22%3E%3Csaml2%3AIssuer+Format%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.1%3Anameid-format%3AX509SubjectName%22%3ECN%3Dpcmdi9.llnl.gov%2C+OU%3DESGF.ORG%2C+O%3DESGF%3C%2Fsaml2%3AIssuer%3E%3Cds%3ASignature+xmlns%3Ads%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%0A%3Cds%3ASignedInfo%3E%0A%3Cds%3ACanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%0A%3Cds%3ASignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%2F%3E%0A%3Cds%3AReference+URI%3D%22%23e802682d-3550-472e-9cef-85e89ea2af71%22%3E%0A%3Cds%3ATransforms%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%2F%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3Cec%3AInclusiveNamespaces+xmlns%3Aec%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22+PrefixList%3D%22ds+saml2%22%2F%3E%3C%2Fds%3ATransform%3E%0A%3C%2Fds%3ATransforms%3E%0A%3Cds%3ADigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%2F%3E%0A%3Cds%3ADigestValue%3EvFd6I%2BsZ1vG5j2JYgnUz6nCUBko%3D%3C%2Fds%3ADigestValue%3E%0A%3C%2Fds%3AReference%3E%0A%3C%2Fds%3ASignedInfo%3E%0A%3Cds%3ASignatureValue%3E%0AXLFwNJpBDfzjP2%2FV5ugDNqWhvW4xBF6T8oMKmYihqB3TiNkjxPhPFtN3TD7Hvupw5zTw%2FiwVYoZT%0ATVVpdqRMP%2Fg50p2Q7uIP%2BKZ1QTr5PRG4a5%2FgrZl12lXRoDHqh9ym%2FKZ%2F4Ny1QQvZ4e5zuSZwLyPR%0AQsju3lJ%2B2%2F5pJbr9h80%3D%0A%3C%2Fds%3ASignatureValue%3E%0A%3C%2Fds%3ASignature%3E%3Csaml2%3ASubject%3E%3Csaml2%3ANameID+Format%3D%22urn%3Aesg%3Aopenid%22%3Ehttps%3A%2F%2Fpcmdi9.llnl.gov%2Fesgf-idp%2Fopenid%2Frolands%3C%2Fsaml2%3ANameID%3E%3C%2Fsaml2%3ASubject%3E%3Csaml2%3AConditions+NotBefore%3D%222012-01-18T21%3A30%3A33.337Z%22+NotOnOrAfter%3D%222012-01-19T21%3A30%3A33.337Z%22%2F%3E%3Csaml2%3AAuthnStatement+AuthnInstant%3D%222012-01-18T21%3A30%3A33.337Z%22%3E%3Csaml2%3AAuthnContext%3E%3Csaml2%3AAuthnContextClassRef%3Eurn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3AX509%3C%2Fsaml2%3AAuthnContextClassRef%3E%3C%2Fsaml2%3AAuthnContext%3E%3C%2Fsaml2%3AAuthnStatement%3E%3C%2Fsaml2%3AAssertion%3E
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< XDODS-Server: opendap/3.7
< Content-Description: dods-das
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Date: Wed, 18 Jan 2012 21:30:33 GMT
<
* Connection #0 to host pcmdi9.llnl.gov left intact
* Re-using existing connection! (#0) with host pcmdi9.llnl.gov
* Connected to pcmdi9.llnl.gov (198.128.245.159) port 80 (#0)
> GET /thredds/dodsC/cmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.dods?plev,lat,lat%5fbnds,lon,lon%5fbnds,time,time%5fbnds HTTP/1.1
User-Agent: libcurl-agent/1.0
Host: pcmdi9.llnl.gov
Accept: */*
Cookie: JSESSIONID=57A4A150A5D51C295C3DA49AAE39B283; esg.openid.saml.cookie=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%3Csaml2%3AAssertion+xmlns%3Asaml2%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22+ID%3D%22e802682d-3550-472e-9cef-85e89ea2af71%22+IssueInstant%3D%222012-01-18T21%3A30%3A33.337Z%22+Version%3D%222.0%22%3E%3Csaml2%3AIssuer+Format%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.1%3Anameid-format%3AX509SubjectName%22%3ECN%3Dpcmdi9.llnl.gov%2C+OU%3DESGF.ORG%2C+O%3DESGF%3C%2Fsaml2%3AIssuer%3E%3Cds%3ASignature+xmlns%3Ads%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%0A%3Cds%3ASignedInfo%3E%0A%3Cds%3ACanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%0A%3Cds%3ASignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%2F%3E%0A%3Cds%3AReference+URI%3D%22%23e802682d-3550-472e-9cef-85e89ea2af71%22%3E%0A%3Cds%3ATransforms%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%2F%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3Cec%3AInclusiveNamespaces+xmlns%3Aec%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22+PrefixList%3D%22ds+saml2%22%2F%3E%3C%2Fds%3ATransform%3E%0A%3C%2Fds%3ATransforms%3E%0A%3Cds%3ADigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%2F%3E%0A%3Cds%3ADigestValue%3EvFd6I%2BsZ1vG5j2JYgnUz6nCUBko%3D%3C%2Fds%3ADigestValue%3E%0A%3C%2Fds%3AReference%3E%0A%3C%2Fds%3ASignedInfo%3E%0A%3Cds%3ASignatureValue%3E%0AXLFwNJpBDfzjP2%2FV5ugDNqWhvW4xBF6T8oMKmYihqB3TiNkjxPhPFtN3TD7Hvupw5zTw%2FiwVYoZT%0ATVVpdqRMP%2Fg50p2Q7uIP%2BKZ1QTr5PRG4a5%2FgrZl12lXRoDHqh9ym%2FKZ%2F4Ny1QQvZ4e5zuSZwLyPR%0AQsju3lJ%2B2%2F5pJbr9h80%3D%0A%3C%2Fds%3ASignatureValue%3E%0A%3C%2Fds%3ASignature%3E%3Csaml2%3ASubject%3E%3Csaml2%3ANameID+Format%3D%22urn%3Aesg%3Aopenid%22%3Ehttps%3A%2F%2Fpcmdi9.llnl.gov%2Fesgf-idp%2Fopenid%2Frolands%3C%2Fsaml2%3ANameID%3E%3C%2Fsaml2%3ASubject%3E%3Csaml2%3AConditions+NotBefore%3D%222012-01-18T21%3A30%3A33.337Z%22+NotOnOrAfter%3D%222012-01-19T21%3A30%3A33.337Z%22%2F%3E%3Csaml2%3AAuthnStatement+AuthnInstant%3D%222012-01-18T21%3A30%3A33.337Z%22%3E%3Csaml2%3AAuthnContext%3E%3Csaml2%3AAuthnContextClassRef%3Eurn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3AX509%3C%2Fsaml2%3AAuthnContextClassRef%3E%3C%2Fsaml2%3AAuthnContext%3E%3C%2Fsaml2%3AAuthnStatement%3E%3C%2Fsaml2%3AAssertion%3E
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< XDODS-Server: opendap/3.7
< Content-Description: dods-data
< Content-Type: application/octet-stream
< Transfer-Encoding: chunked
< Date: Wed, 18 Jan 2012 21:30:33 GMT
<
* Connection #0 to host pcmdi9.llnl.gov left intact
* NOTE: Units on axis "plev" are not recognized: Pa
* NOTE: They will not be convertible:
yes? show data/all
currently SET data sets:
1> http://pcmdi9.llnl.gov/thredds/dodsC/cmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation (default)
name title I J K L
ZG Geopotential Height 1:180 1:120 1:17 1:360
yes? shade/k=1/l=1 ZG
* Re-using existing connection! (#0) with host pcmdi9.llnl.gov
* Connected to pcmdi9.llnl.gov (198.128.245.159) port 80 (#0)
> GET /thredds/dodsC/cmip5.output1.INM.inmcm4.amip.mon.atmos.Amon.r1i1p1.zg.20111201.aggregation.dods?zg.zg[0][16][0:119][0:179] HTTP/1.1
User-Agent: libcurl-agent/1.0
Host: pcmdi9.llnl.gov
Accept: */*
Cookie: JSESSIONID=57A4A150A5D51C295C3DA49AAE39B283; esg.openid.saml.cookie=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%3Csaml2%3AAssertion+xmlns%3Asaml2%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22+ID%3D%22e802682d-3550-472e-9cef-85e89ea2af71%22+IssueInstant%3D%222012-01-18T21%3A30%3A33.337Z%22+Version%3D%222.0%22%3E%3Csaml2%3AIssuer+Format%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.1%3Anameid-format%3AX509SubjectName%22%3ECN%3Dpcmdi9.llnl.gov%2C+OU%3DESGF.ORG%2C+O%3DESGF%3C%2Fsaml2%3AIssuer%3E%3Cds%3ASignature+xmlns%3Ads%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%0A%3Cds%3ASignedInfo%3E%0A%3Cds%3ACanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%0A%3Cds%3ASignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%2F%3E%0A%3Cds%3AReference+URI%3D%22%23e802682d-3550-472e-9cef-85e89ea2af71%22%3E%0A%3Cds%3ATransforms%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%2F%3E%0A%3Cds%3ATransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3Cec%3AInclusiveNamespaces+xmlns%3Aec%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22+PrefixList%3D%22ds+saml2%22%2F%3E%3C%2Fds%3ATransform%3E%0A%3C%2Fds%3ATransforms%3E%0A%3Cds%3ADigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%2F%3E%0A%3Cds%3ADigestValue%3EvFd6I%2BsZ1vG5j2JYgnUz6nCUBko%3D%3C%2Fds%3ADigestValue%3E%0A%3C%2Fds%3AReference%3E%0A%3C%2Fds%3ASignedInfo%3E%0A%3Cds%3ASignatureValue%3E%0AXLFwNJpBDfzjP2%2FV5ugDNqWhvW4xBF6T8oMKmYihqB3TiNkjxPhPFtN3TD7Hvupw5zTw%2FiwVYoZT%0ATVVpdqRMP%2Fg50p2Q7uIP%2BKZ1QTr5PRG4a5%2FgrZl12lXRoDHqh9ym%2FKZ%2F4Ny1QQvZ4e5zuSZwLyPR%0AQsju3lJ%2B2%2F5pJbr9h80%3D%0A%3C%2Fds%3ASignatureValue%3E%0A%3C%2Fds%3ASignature%3E%3Csaml2%3ASubject%3E%3Csaml2%3ANameID+Format%3D%22urn%3Aesg%3Aopenid%22%3Ehttps%3A%2F%2Fpcmdi9.llnl.gov%2Fesgf-idp%2Fopenid%2Frolands%3C%2Fsaml2%3ANameID%3E%3C%2Fsaml2%3ASubject%3E%3Csaml2%3AConditions+NotBefore%3D%222012-01-18T21%3A30%3A33.337Z%22+NotOnOrAfter%3D%222012-01-19T21%3A30%3A33.337Z%22%2F%3E%3Csaml2%3AAuthnStatement+AuthnInstant%3D%222012-01-18T21%3A30%3A33.337Z%22%3E%3Csaml2%3AAuthnContext%3E%3Csaml2%3AAuthnContextClassRef%3Eurn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3AX509%3C%2Fsaml2%3AAuthnContextClassRef%3E%3C%2Fsaml2%3AAuthnContext%3E%3C%2Fsaml2%3AAuthnStatement%3E%3C%2Fsaml2%3AAssertion%3E
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< XDODS-Server: opendap/3.7
< Content-Description: dods-data
< Content-Type: application/octet-stream
< Transfer-Encoding: chunked
< Date: Wed, 18 Jan 2012 21:30:52 GMT
<
* Connection #0 to host pcmdi9.llnl.gov left intact
yes? go land
As you can see from all the gobbledygook the access works and the client can make OPeNDAP calls and receive responses from the server. Don't worry, once you have things working you can set the CURL.VERBOSE flag to 0 and get rid of all the noise in your client session.
ESGF_Wiki: ClientAccessToESGFOPeNDAPServers (last edited 2012-05-03 22:23:56