Hi Endi,
First of all, thank you for your patience on the irc.
Here is a summary of my comments/questions:
* I asked if the login/logout thing can be applied to the other subsystems' agent interface.
- You said yes. I filed a separate ticket to do later: https://fedorahosted.org/pki/ticket/902 - Login & logout link/page for CA, KRA, OCSP, TKS
* I asked whether the logout() event can be signalled into the cs service so the event can be audited. You pondered on some idea, but I put a note in the new ticket so we can look at it later.
* I asked if the window.crypto.logout stuff works for IE as well (we are required to support IE, as I understand it).
- I did a quick search and it seems like IE does not support it, but you can do the following:
document.execCommand('ClearAuthenticationCache');
If the research is going to take a long time, then feel free to file a separate ticket to take care of it later. Otherwise, please make sure IE is supported.
* I asked where the roles under <role-name>*</role-name> are checked.
- You explained to me that it's checked under ACLInterceptor, where the list of roles is obtained using PKIRealm, which takes acl.properties in for the resource/action ACL mapping, and which correctly uses the same underlying group/user framework that's used by the pre-existing non-REST servlets.
* I asked why <login-config> does not need an <auth-method>xxx</auth-method> definition in the web.xml.
- You explained that this is because you have a fallback authenticator called SSLAuthenticatorWithFallback (specified in tps-tomcat/shared/conf/Catalina/localhost/tps.xml) which looks into auth-method.properties to check for the correct authentication method for each op.
Since the first two items are already captured in the new ticket, I think only the 3rd item needs to be considered for either immediate addressing or filing a new ticket. It's up to you.
That's all I have.
thanks,
Christina
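The IE question above comes down to how a logout handler should clear the browser's cached client-certificate choice in addition to destroying the server session. The following is an added example (not code from the pki-devel patch or from Endi's TPS UI) of a logout routine that feature-detects the two hooks named in the thread, window.crypto.logout (old Firefox/NSS) and document.execCommand('ClearAuthenticationCache') (IE), and reports which one it used. The window, document and server-logout callback are injected so it can be unit-tested outside a browser; the server endpoint (e.g. POST /tps/logout) is an assumption.

```javascript
// Added example: clear the cached client-cert selection using whichever
// non-standard browser hook exists. Returns the method used, or 'none'.
function clearClientCertCache(win, doc) {
  // Firefox/NSS (older releases): drop the cached cert choice for this site.
  if (win && win.crypto && typeof win.crypto.logout === 'function') {
    win.crypto.logout();
    return 'window.crypto.logout';
  }
  // IE: flush the SSL/auth credential cache for the current session.
  if (doc && typeof doc.execCommand === 'function') {
    try {
      if (doc.execCommand('ClearAuthenticationCache')) {
        return 'ClearAuthenticationCache';
      }
    } catch (e) {
      // Command unsupported in this browser; fall through.
    }
  }
  // Neither hook exists: the selected client cert stays cached until the
  // TLS session ends, so only the server-side invalidation protects the
  // session. Callers should tell the user to close the browser.
  return 'none';
}

// serverLogout: caller-supplied function that calls the server-side logout
// endpoint (assumed, e.g. POST /tps/logout) and returns true on success.
function logout(win, doc, serverLogout) {
  var serverOk = false;
  try {
    serverOk = !!serverLogout();
  } catch (e) {
    serverOk = false; // network or server error: server session may remain
  }
  // Attempt the client-side clear even when the server call failed, so a
  // stale cert choice is not silently reused on the next login attempt.
  var method = clearClientCertCache(win, doc);
  return {
    serverSessionDestroyed: serverOk,
    clientCacheCleared: method !== 'none',
    method: method
  };
}
```

A real handler would redirect to the unprotected front page after this and, when method is 'none', display a notice that the browser must be closed to fully drop the client certificate.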
On 03/10/2014 03:42 PM, Endi Sukma Dewata wrote:
The TPS UI has been modified to provide an unprotected front page. The main TPS UI has been moved into a protected area. The front page provides a login button which, when clicked, will ask the user to authenticate with the client certificate. If the authentication is successful, the main page will appear. There is also a logout link in the upper right corner of the main page. When clicked, it will destroy both the client and server sessions.
Ticket #846
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel