authorFraser Tweedale <ftweedal@redhat.com>2017-02-08 12:18:03 +1000
committerFraser Tweedale <ftweedal@redhat.com>2017-04-19 11:30:15 +1000
commitb099b631bb49e17e0aa4cd8c7a818ba1c923ec92 (patch)
tree5e73d35db97c85f2c629f1e42c91d4122f1727f5 /base/ca
parentdcc42ad4ed7fcbc566b7cf7ce1cbfae93b24a9a9 (diff)
Add authn manager that reuses auth token from session
To process a cert request immediately (rather than having it queued as pending), the user must be authenticated *by the profile*; auth tokens from the main authentication system are not used. For external authentication support it is possible that the external authentication is sufficient to authenticate use of a profile, especially when the profile uses components like ExternalProcessConstraint to perform validation of the cert request against external sources of information. To support this use case, add the SessionAuthentication profile authenticator, which merely reuses the IAuthToken from the session context, if present. Part of: https://pagure.io/dogtagpki/issue/1359
Diffstat (limited to 'base/ca')
-rw-r--r--base/ca/shared/conf/CS.cfg2
1 files changed, 2 insertions, 0 deletions
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg
index e8003603b..392331952 100644
--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
@@ -175,6 +175,7 @@ auths.impl.UidPwdGroupDirAuth.class=com.netscape.cms.authentication.UidPwdGroupD
auths.impl.UserPwdDirAuth.class=com.netscape.cms.authentication.UserPwdDirAuthentication
auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
auths.impl.FlatFileAuth.class=com.netscape.cms.authentication.FlatFileAuth
+auths.impl.SessionAuthentication.class=com.netscape.cms.authentication.SessionAuthentication
auths.instance.TokenAuth.pluginName=TokenAuth
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
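Review bot: The `auths.instance.SessionAuthentication.pluginName=SessionAuthentication` line in the second hunk makes a ready-to-use instance part of the shared default configuration, in addition to the implementation class registered in this hunk, and nothing in the file states what that instance trusts. Going by the commit message, the authenticator reuses whatever IAuthToken is already in the session context, so a profile that selects it would process requests immediately on the strength of the main authentication alone. The assurance then depends on which authenticator populated the session and on the profile's own constraints. If this template keeps `#` comments, I would add one above the instance line, for example `# SessionAuthentication reuses the session's auth token; select it only in profiles whose constraints validate the request`. Otherwise the same caveat belongs in the profile documentation.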
@@ -183,6 +184,7 @@ auths.instance.raCertAuth.pluginName=AgentCertAuth
auths.instance.flatFileAuth.pluginName=FlatFileAuth
auths.instance.flatFileAuth.fileName=[PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_TYPE]/flatfile.txt
auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
+auths.instance.SessionAuthentication.pluginName=SessionAuthentication
auths.revocationChecking.bufferSize=50
auths.revocationChecking.ca=ca
auths.revocationChecking.enabled=true