author | Fraser Tweedale <ftweedal@redhat.com> | 2017-02-08 12:18:03 +1000 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2017-04-19 11:30:15 +1000 |
commit | b099b631bb49e17e0aa4cd8c7a818ba1c923ec92 (patch) | |
tree | 5e73d35db97c85f2c629f1e42c91d4122f1727f5 /base/ca/shared | |
parent | dcc42ad4ed7fcbc566b7cf7ce1cbfae93b24a9a9 (diff) | |
Add authn manager that reuses auth token from session

To process a cert request immediately (rather than having it queued
as pending), the user must be authenticated *by the profile*; auth
tokens from the main authentication system are not used.

For external authentication support it is possible that the external
authentication is sufficient to authenticate use of a problem;
especially when the profile uses components like
ExternalProcessConstraint to perform validation of the cert request
against external sources of information.

To support this use case, add the SessionAuthentication profile
authenticator, which merely reuses the IAuthToken from the session
context, if present.

Part of: https://pagure.io/dogtagpki/issue/1359
Diffstat (limited to 'base/ca/shared')
-rw-r--r-- | base/ca/shared/conf/CS.cfg | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg index e8003603b..392331952 100644 --- a/base/ca/shared/conf/CS.cfg +++ b/base/ca/shared/conf/CS.cfg @@ -175,6 +175,7 @@ auths.impl.UidPwdGroupDirAuth.class=com.netscape.cms.authentication.UidPwdGroupD auths.impl.UserPwdDirAuth.class=com.netscape.cms.authentication.UserPwdDirAuthentication auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication auths.impl.FlatFileAuth.class=com.netscape.cms.authentication.FlatFileAuth +auths.impl.SessionAuthentication.class=com.netscape.cms.authentication.SessionAuthentication auths.instance.TokenAuth.pluginName=TokenAuth auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents auths.instance.AgentCertAuth.pluginName=AgentCertAuth @@ -183,6 +184,7 @@ auths.instance.raCertAuth.pluginName=AgentCertAuth auths.instance.flatFileAuth.pluginName=FlatFileAuth auths.instance.flatFileAuth.fileName=[PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_TYPE]/flatfile.txt auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth +auths.instance.SessionAuthentication.pluginName=SessionAuthentication auths.revocationChecking.bufferSize=50 auths.revocationChecking.ca=ca auths.revocationChecking.enabled=true |
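Review bot: the new key in the first hunk, auths.impl.SessionAuthentication.class, breaks the naming pattern of the neighbouring entries, which register a short plugin name distinct from the class name (TokenAuth for TokenAuthentication, UserPwdDirAuth for UserPwdDirAuthentication, FlatFileAuth). Since this string is also what instances reference as pluginName, consider a short name in the same style, or say in the commit message why the full class name is used here.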
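Review bot: the second hunk defines auths.instance.SessionAuthentication in the shared CS.cfg template with only a pluginName, so the instance exists on every CA created from this template and has no restricting parameter of the kind AgentCertAuth carries with agentGroup. The commit message says the authenticator merely reuses the IAuthToken from the session, which means a profile that selects this instance accepts any authenticated session as sufficient for immediate processing. Please document which profiles are expected to reference it and that they must bring their own constraints (the message names ExternalProcessConstraint), or ship only the auths.impl line and leave creating the instance to deployments that need it.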