BonFIRE logo and link to main BonFIRE site

Table Of Contents

Previous topic

Groups and Group Management

Next topic


This Page

Accessing BonFIRE for Fed4FIRE users


For a BonFIRE/Fed4FIRE tutorial of how to start an experiment using SFA and jFed and monitor it using OML, you can visit this page.

Access using a Fed4FIRE certificate

With a Fed4FIRE certificate, it is possible to access BonFIRE. Two options are offered: use the certificate to create a standard BonFIRE account, or use the certificate to access BonFIRE’s API through the dedicated URI.

Applying for a BonFIRE account using a Fed4FIRE certificate

To apply for an account, go to and fill in the requested fields. You should select the group that corresponds to the name of your experiment. If you don’t see your experiment in the list then please e-mail If you don’t select a group, no usage quota will be available to you.

Once your account has been approved you can start using BonFIRE.

Using a Fed4FIRE certificate to access BonFIRE’s API

With your Fed4FIRE certificate, it is possible to directly interact with BonFIRE’s API (see occi), provided you use the certificate to do client authentication over ssl. This requires interacting with BonFIRE’s API on a specific port, port 445. For example, the following call should give the user details (for BonFIRE) of the owner of the Fed4FIRE cert used to connect.

$ curl -k -i  --cert ~/.ssl/geni_cert.pem


The -k flag is necessary to disable the server SSL certificate verification (we don’t use a trusted SSL certificate on the server for BonFIRE API).

When accessing BonFIRE with a Fed4FIRE certificate, BonFIRE will attempt to find an existing user with the same mail as the user mail in the certificate. If it finds one, that BonFIRE account will be used. If it does not, a BonFIRE account is dynamically created and enough usage quota is attributed to the new user so he can run the tutorials and some initial tests. To use BonFIRE regularly, you’ll need to join a group. For that, you’ll need to connect the the BonFIRE portal, pretend you have lost your password for BonFIRE, and then when you have a password, use the account management tools to request joigning a group that has usage quota.

The API’s entry point on port 445 support speaks for credentials, as described in The query parameters recognized by BonFIRE API as carrying speaks for credentials are ‘speaksfor’ and ‘s4cert’.

$ curl -ki<base64 url encoded speaks-for> \
 --cert ~/.ssl/geni_cert.pem


<base64 url encoded speaks-for> if the base64 encoding of a signed speask-fors certificate, with the encoding done with the url safe variant of base64 encoding (no lien feeds, - instead of +, etc..).

If succesfull, the call should give the user details of the user the caller is speaking for

Use BonFIRE through SFA tooling

If you wish to use BonFIRE through its Aggregate Manager interface (conforming to the SFA AMv3 API), please read BonFIRE Aggregate Manager documentation. To discover BonFIRE’s native interfaces, you may want to read Steps To Getting Started. Information regarding OMF/OML can be found in the OMF/OML page. For support please see

Fed4FIRE users may also wish to use the jFed tool to interact with BonFIRE. For details on jFed see the jFed documentation.