dogtagpki

Clone
Source Code
GIT

#1028 TPS rewrite: provide externalReg functionality
Closed: Fixed None Opened 9 years ago by cfu.

Closed: Fixed
Reopen Issue

provide extrnalReg functionality.

Proposed Milestone: 10.2.2 (per CS Meeting of 09/17/2014)

External Reg

Pushed to master:
commit 91c77390474d67cfd0c15b8b3377997b3f0cd38a

note for this checkin:
Due to a recent change of task priorities, I am to check in this feature in two phases (coming back to phase 2 at a later time).
In this Phase 1, the code for this feature is in place, but may not be in the most optimal condition.
The goal for Phase 1 is to:

  1. not break existing functionality (non ExternalReg -- which is default)
  2. when ExternalReg is turned on, it works for the basic case (didn't
    test for more complicated cases)... e.g. I don't know if say an existing
    cert on the token is missing from the externalReg user record, whether
    it will be removed or not.
  3. it is not guaranteed to work with more complicated scenario
  4. code has been run through and cleaned up in Eclipse

Later, for Phase 2:

  1. really clean up and add bells and whistles (more error checkings, more efficient code,
    proper logging, etc.)
  2. test/cover all cases

Per 10.2.2 Triage meeting of 02/24/2015: 10.2.3

Christina will resume this after PTO.

commit 711d3ca66b6702a33839c3a436550464fa49d0d8

Ticket#1028 phase2: TPS rewrite: provide externalReg functionality
This patch is the 2nd phase of the externalReg feature, it makes the
following improvements:
- added feature: recovery by keyid (v.s. by cert)
- fixed some auditing message errors
- added some missing ldapStringAttributes needed for delegation to work
properly
- added missing externalReg required config parameters
- made corrections to some externalReg related parameters to allow
delegation to work properly
- added handle of some error cases
- made sure externalReg enrollment does not go half-way (once fails,
bails out)

tested:
- enrollment of the three default TPS profiles (tokenTypes)
- format of the tokens enrolled with the three default tps profiles
- delegation enrollments
- cuid match check

next phase:
- cert/key retention (allow preserving existing certs/keys on the token)

note:
- some of the activity log and cert status related issues that are not
specifically relating to externalReg will be addressed in other more
relevant tickets.

Per Dogtag 10.2.x TRIAGE meeting of 04/28/2015: (Tech Preview Feature)

since the ExternalReg framework/feature has been developed. I'm creating a separate ticket to cover the cert/key retention feature:
https://fedorahosted.org/pki/ticket/1375

this is so that:
1. the main ExternalReg feature can be tested on
2. the remaining (cert/key retention) add-on feature can be taken cared of at a later time

Metadata Update from @cfu:
- Issue assigned to cfu
- Issue set to the milestone: 10.2.4
7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1593

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
blocker
None
None
None
task
None
None
None
None
TPS Rewrite
RHCust
None
None
None
None
None
None
TPS
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.