Re: [Pki-devel] [PATCH] pki-cfu-0020-TPSRewrite-credential-match-fix.patch

This patch is to fix an issue that Jack reported some time ago regarding authentication in Java TPS. It was speculated that it had to do with ESC and tpsclient not expecting same credential names, etc. (note: I understand that Jack worked out something that was to get him through what he was working on, but it was not meant as a permanent solution, hence my investigation and separate patch) I spent some time investigating to find out the root cause and a final solution. Here is what I discovered: In the old TPS, in case of "ExtendedLoginRequest", the uid/pwd are called "UID" and "PASSWORD"; where as in case of "LoginRequest", the uid/pwd are called "screen_name" and "password" In tpsclient, BOTH "ExtendedLoginResponse" and "LoginResponse" are coded to put "screen_name". My suspicion is with the old TPS the "ExtendedLoginRequest" never worked. So, in summary, it's the difference between "extended" and "not extended" rather than the clients. The clients just happened to specify extended/not extended by default so it appears that way. Note: In this patch, I added changes to tpsclient in an attempt to make extendedLogin work but I learned later from jack that tpsclient never does that, so please ignore that part of the patch. I made some attempt to restore that part of tpsclient with a new patch but couldn't get it. I will sort it out with our git experts later. This works with tpsclient, but I am still waiting for jack to test it out with ESC. thanks, Christina _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel