For #2, after some investigation, it turns out that my admin cert wasn't imported into the browser properly that's what caused the authentication mishap. I have no problem accessing the TPS admin interface now. The simple enrollment of a token was also successful.
Consider #2 resolved.

thanks,
Christina

On 05/28/2015 06:13 PM, Christina Fu wrote:

A few TPS issues (is there a workaround for #2 below?):

1. maybe not enough to respin, but for TPS, a simple format will fail due to an extra space at the end of the following in CS.cfg:
op.format.tokenKey.validateCardKeyInfoAgainstTokenDB=true

workaround is to remove the space and restart.

2. once formatted a token, getting to the admin interface resulted in the following error on ui:
"Authentication method not allowed"
in debug log, I see
[28/May/2015:13:51:29][http-bio-8443-exec-16]: SessionContextInterceptor: principal: tpsadmin
[28/May/2015:13:51:29][http-bio-8443-exec-16]: AuthMethodInterceptor: TokenResource.findTokens()
[28/May/2015:13:51:29][http-bio-8443-exec-16]: AuthMethodInterceptor: mapping: tokens
[28/May/2015:13:51:29][http-bio-8443-exec-16]: AuthMethodInterceptor: loading /usr/share/pki/tps/conf/auth-method.properties
[28/May/2015:13:51:29][http-bio-8443-exec-16]: AuthMethodInterceptor: checking /var/lib/pki/pki-tomcat/tps/conf/auth-method.properties
[28/May/2015:13:51:29][http-bio-8443-exec-16]: AuthMethodInterceptor: required auth methods: [certUserDBAuthMgr]
[28/May/2015:13:51:29][http-bio-8443-exec-16]: AuthMethodInterceptor: authentication manager: passwdUserDBAuthMgr

I couldn't get past that. Is there a workaround?

I also tried to set up a TPS on an independent tomcat instance. Although the installation seems successful, a simple format always ends with the following (with nothing after that):
TPSProcessor.getSharedSecretTransportKey: calculated key name: sharedSecretInd
This issue is part of the ticket I am working on for 10.2.5, so it can wait: https://fedorahosted.org/pki/ticket/867

Christina

On 05/26/2015 11:39 PM, Matthew Harmsen wrote:
Everyone,

Please provide Karma for the following Dogtag 10.2.4 packages for Fedora 22:

dogtag-pki-theme-10.2.4-1.fc22

pki-core-10.2.4-1.fc22

pki-console-10.2.4-1.fc22

dogtag-pki-10.2.4-1.fc22

Thanks,
-- Matt
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel