January 2016 - Pki-devel - Dogtag Pki List Archives

[PATCH] 664 Fixed TPS UI to display accessible services only.

by Endi Sukma Dewata

The TPS UI has been modified to display the accessible services based on the user's roles. A TPS admin has access to all services. A TPS agent has access to tokens, certificates, activities, and profiles. A TPS operator has access to tokens, certificates, and activities only. https://fedorahosted.org/pki/ticket/1476 -- Endi S. Dewata

8 years, 3 months

2
2
0 / 0

[PATCH] 0109-Ticket-1375-Provide-cert-key-retention-for-externalR.patch

by Christina Fu

Ticket #1375 Provide cert/key retention for externalReg Ticket #1514 TPS: Recovered certs on a token has status expired Ticket #1587 External Registration Recovery only works for 1024 sized keys out of the box This patch provides the cert/key retention feature for externalReg. if the certsToAdd field contains (serial,ca#) instead of the full (serial, ca#, keyId, kra#), then it is expecting the cert/key to be retained from token without having to do a full retrieval (recovery). This patch also fixes the issues reported in #1514 and #1587 as testing of #1375 is easier with those two issues addressed. An issue was found during development where Coolkey puts limits on the cert/key ids on the token and make it impossible to inject cert ID higher than 4, as it would then result in key ids into two digits. This issue will be filed as a separte ticket and addressed separately. Most testing will then be conducted. thanks, Christina

8 years, 3 months

1
1
0 / 0

[PATCH] 0071 Improve 'authz manager not found' message string

by Fraser Tweedale

Attached patch improves a string. Pushed under one-liner rule. master 933004ba052ec1ce93526616c67b5ed272f29779 Cheers, Fraser

8 years, 3 months

1
0
0 / 0

[PATCH] [WIP] Add external authentication support

by Fraser Tweedale

Hi all, GSS-API authentication support is in progress. The approach is detailed in the design proposal[1], which is not complete. The attached patch is provided for early review of the approach and implementation. It should not break existing behaviour for existing authentication methods, but is not yet fully usable for externally authenticated principals. Some brief implementation notes: - `ExternalAuthToken' class wraps an externally authenticated principal in order to provide reasonable values for common AuthToken attributes. Many attributes are not yet implemented, and some never will be (i.e. some call sites may need to weaken their assumptions). - There are ~9 explicit casts of principal from abstract `Principal' to `PKIPrincpial'; these sites need to be checked and probably updated in most cases, because (principal instanceof PKIPrincipal) is no longer a valid assumption. Some are definitely broken. - `AuthMethodInterceptor' currently treats all external authentication methods the same, allowing allowing access. If needed, different external authn methods can be distinguished, allowing different access rules for different external authn methods. - This patch does not configure the second tomcat AJP `Connector' required. Also, the `Connector' needs to be "locked down" to a only allow traffic from the Apache frontend. I need to confirm how to do this and clearly document it. Regarding the design document, there is a lot more to come re: authorization, especially for user-created objects such as secrets in KRA.

8 years, 3 months

1
1
0 / 0

[PATCH] 663 Fixed mismatching certificate validity calculation.

by Endi Sukma Dewata

The CAValidityDefault has been modified to use Calendar API to calculate the certificate validity range to be consistent with the ValidityConstraint and ValidityDefault. https://fedorahosted.org/pki/ticket/1682 -- Endi S. Dewata

8 years, 3 months

1
1
0 / 0

[PATCH] 662 Fixed external CA case for IPA compatibility.

by Endi Sukma Dewata

The installation code for external CA case has been fixed such that IPA can detect step 1 completion properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for PEM output properly. The installation summary for step 1 has been updated to provide more accurate information. https://fedorahosted.org/pki/ticket/456 -- Endi S. Dewata

8 years, 3 months

1
1
0 / 0

[PATCH 0042] Fix escaping of password fields to prevent interpolation

by Christian Heimes

Some password and pin fields are missing from the no_interpolation list. One entry is misspelled. A '%' in password field such as pki_clone_pkcs12_password causes an installation error. https://fedorahosted.org/pki/ticket/1703 https://bugzilla.redhat.com/show_bug.cgi?id=1283631

8 years, 3 months

2
3
0 / 0

[PATCH] 665 Added table to manage TPS user profiles.

by Endi Sukma Dewata

The TPS UI has been modified to provide a table as an interface to manage the user profiles. When adding a profile, the profile can be selected from a list of available profiles. The UserService and UGSubsystem have been modified to allow adding a user with no assigned profiles. https://fedorahosted.org/pki/ticket/1478 -- Endi S. Dewata

8 years, 3 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel January 2016