To help troubleshooting, the ConfigurationUtils.handleCerts()
has been modified to throw the exception instead of returning an
Pushed to master under trivial/one-liner rule.
Endi S. Dewata
An update for Apache Tmocat recently pushed into bodhi seems to break
CA instance spawning in a spectacular way. It seems that the update
once again breaks the loading of Java classes during Dogtag server
I gave the package negative karma and I suggest for you to do the same
until the issue is resolved.
As a workaround you can either disable updates-testing or use:
dnf downgrade --allowerasing tomcat
to downgrade tomcat and dependencies to version 8.0.36-2.fc24 which works.
qualifies for "simple checkin that does not affect code".
Author: Christina Fu <cfu(a)dhcp-16-189.sjc.redhat.com>
Date: Mon Oct 24 09:59:42 2016 -0700
a few simple debugging messages in TPS that will make debugging easier.
TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode.
Simple fix allows the TPS and TKS the ability to obtain the proper internal token, even in FiPS mode.
The TPS UI has been updated to support TPS agent approval process
for changes in authenticators, connectors, and profile mappings in
addition to profiles.
The ConfigEntryPage has been updated to display the action links
consistently in the above components for all possible role and
The ProfilePage has been removed since the code has been merged
into its super class.
Endi S. Dewata
The TPS UI has been modified to adjust the system menu based
on the list of accessible components obtained during login.
The TPSApplication has been modified to use TPSAccountService
which returns the list of accessible components based on the
following properties in the CS.cfg:
* admin: target.configure.list
* agent: target.agent_approve.list
The AccountInfo has been changed to extend the ResourceMessage
such that it can be used to pass the list of accessible
components as an attribute.
Endi S. Dewata
PIN_RESET policy is not giving expected results when set on a token.
Simple fix to actually honor the PIN_RESET=<YES>or<NO> policy for a given token.
Minor logging improvements added as well for this error condition.
Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches
Fixes this bug #1381375.
The portion this patch fixes involves URL encoding glitch we encountered when recovering keys using
the "by cert" method.
Also this bug addresses:
Bug 1379379 - Unable to read an encrypted email using renewed tokens
The URL encoding problem was affecting the proper verification of this bug.
Bug 1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued
The URI encoding was also making this bug appear to fail more than it should have.
There is also a minor fix to the feature that makes sure it works.
This small fix is in TPSEngine.java where the constant for GenerateNewAndRecoverLast scheme is declared.