On 5/9/2016 2:18 PM, Ade Lee wrote:
 Patch descriptions .. in reverse order.
 Note that the CA setup for authz is further documented at
 pki.fedoraproject.org/wiki/Kra_authz_realm , where I have added a
 section on "CA Configuration".
 Thanks,
 Ade
 ****************************************************************
 commit ad1fcecc2f36cc1ebc1f13efe3df9d1e138224b7
 Author: Ade Lee <alee(a)redhat.com>
 Date:   Mon May 9 15:00:20 2016 -0400
      Add authz realm check for cert enrollment
      Ticket 2041
 commit b5232ce101083409ed9a86e9057620cca7288f62
 Author: Ade Lee <alee(a)redhat.com>
 Date:   Sat May 7 00:06:08 2016 -0400
      Fix error output when request is rejected
      With this fix, error messages are returned to the user when
      a request is rejected - either in the UI or from the pki CLI.
      Trac Ticket 1247 (amongst others)
 commit 82d18a99103de1fa749b077cfccec5ff65ceb4a5
 Author: Ade Lee <alee(a)redhat.com>
 Date:   Wed May 4 18:25:51 2016 -0400
      Add realm to requests coming in from CA
      Requests to the KRA through the CA-KRA connector use the Enrollment
      Service.  This has been modified to read and store any realm passed in.
      The realm can be added to the request by having the admin add
      an AuthzRealmDefault and AuthzRealmConstraint in a profile.
      At this point, all the constraint does is verify that the realm is
      one of a specified list of realms.  More verification will be added
      in a subsequent patch.
      No attempt is made yet to allow users to specify the realm.  This
      would need to be added as a ProfileInput.
      Part of Ticket 2041 
ACK. Just some comments:
1. In AuthzRealmDefault.populate() we should wrap and rethrow the 
exception instead of ignoring it.
2. In UserMessages.properties let's use "Authorization" instead of 
"Authz" to be more user-friendly. Or just "Realm" instead of
"Authz realm".
3. In HttpPKIMessage.fromRequest() we probably want to copy the realm 
without any condition (e.g. to copy the null value).
     reqRealm = r.getRealm();
4. In CertRequestInfoFactory.create() this if condition is redundant:
     if (error != null) {
         info.setErrorMessage(error);
     }
-- 
Endi S. Dewata