User login - authentication and optional session management


  • Data Provider
  • Users
  • Data Provider User Login interface, e.g. a browser and CGI script, a command line, or some other application
  • Session Manager WS
  • MyProxy


  • NDG security infrastructure is in place.
  • User is registered with the data provider.


  • User requires access to secured resource from data provider
  • User accesses a secured resource from the data provider but is not currently authenticated.


User is authenticated and holds a valid ID. Optionally, a user session has been created and is held by the Session Manager WS.

Normal Course

  1. User enters username/pass-phrase credentials at user login interface.
  2. User login interface calls Session Manager WS, providing the username and pass-phrase and
    • a flag indicating whether a user session should be created and managed by the Session Manager.
    • a flag indicating whether the Session Manager should return a session cookie (for a browser client) or a proxy certificate (for a non-browser client application).
  3. The user credentials are passed on to the Session Manager's MyProxy interface, which verifies them and obtains a proxy certificate from the user's certificate and private key held in the MyProxy repository.
  4. If requested, a user session is created and held by the Session Manager containing a Credential Wallet. The proxy certificate is passed to the wallet for storage.
  5. If the login interface is browser based, the Session Manager returns a session cookie so that the interface can set the cookie in the client browser. If, on the other hand, the login interface is a custom application, the Session Manager returns the user's proxy certificate.
  6. User login interface indicates successful completion.
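
The normal course above, modelled end to end as an added example (not NDG code). The names StubMyProxy, SessionManager.connect, the result keys and the placeholder certificate string are hypothetical, and rejecting a cookie request made without a session is an assumption, not something the use case states.

```python
import hashlib
import hmac
import secrets

class AuthenticationError(Exception):
    pass

class StubMyProxy:
    """Stand-in for the MyProxy repository (not the real MyProxy protocol)."""
    def __init__(self):
        self._users = {}  # username -> (salt, PBKDF2 hash of pass-phrase)

    @staticmethod
    def _kdf(passphrase, salt):
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

    def register(self, username, passphrase):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._kdf(passphrase, salt))

    def logon(self, username, passphrase):
        # Unknown users take the same code path, so both failures look alike.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._kdf(passphrase, salt), stored):
            raise AuthenticationError("invalid username or pass-phrase")
        # Constructed placeholder, not a real X.509 proxy certificate.
        return f"CONSTRUCTED-PROXY-CERT:{username}:{secrets.token_hex(8)}"

class SessionManager:
    def __init__(self, myproxy):
        self.myproxy = myproxy
        self.sessions = {}  # cookie value -> {"username", "wallet"}

    def connect(self, username, passphrase, create_session, return_cookie):
        # Assumption: a cookie is only meaningful for a managed session.
        if return_cookie and not create_session:
            raise ValueError("session cookie requested without a session")
        proxy_cert = self.myproxy.logon(username, passphrase)   # step 3
        if create_session:                                       # step 4
            cookie = secrets.token_urlsafe(32)  # unguessable session id
            self.sessions[cookie] = {"username": username, "wallet": [proxy_cert]}
            if return_cookie:                                    # step 5, browser
                return {"cookie": cookie}
        return {"proxy_cert": proxy_cert}                        # step 5, application
```

In the browser path the proxy certificate stays in the wallet held by the Session Manager and only the cookie value is returned; a failed logon creates no session.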