diff options
| author | Christina Fu <cfu@redhat.com> | 2016-05-17 17:57:11 -0700 |
|---|---|---|
| committer | Christina Fu <cfu@redhat.com> | 2016-05-18 10:18:48 -0700 |
| commit | 5fe2ebbf66a5ebe0acc11ea7868db8a79b332ddb (patch) | |
| tree | bda4b60c941995d9e65172c832e0aa323ea32e4b /base/tps/shared/conf | |
| parent | 81c1d8fdd2c6e6248190cdeafe3ce032c8876e95 (diff) | |
| download | pki-5fe2ebbf66a5ebe0acc11ea7868db8a79b332ddb.tar.gz pki-5fe2ebbf66a5ebe0acc11ea7868db8a79b332ddb.tar.xz pki-5fe2ebbf66a5ebe0acc11ea7868db8a79b332ddb.zip | |
Ticket #1527 reopened: retrieved wrong ca connector config parameter
This ticket was reopened due to retrieving wrong ca connector config param for the case when format is done within an enrollment.
The following is attempted:
op.enroll.userKey.ca.conn
while the following is intended:
op.format.userKey.ca.conn
In addition, this patch also fixes the following issues;
a. reason param name is not conforming: "reason" instead of "revokeReason"
b. adding default reason to format TPS profiles
c. by default mappingResolver.formatProfileMappingResolver resolves
to tokenKey, while enroll resolves to userKey.
-> now changed the userKey
d. if revocation fails during format, it was forgiving.
-> now changed so that error is logged in activity log and exception
thrown and bail out
Diffstat (limited to 'base/tps/shared/conf')
| -rw-r--r-- | base/tps/shared/conf/CS.cfg | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg index 638787d22..90d1747dd 100644 --- a/base/tps/shared/conf/CS.cfg +++ b/base/tps/shared/conf/CS.cfg @@ -428,6 +428,7 @@ op.format.delegateIEtoken.issuerinfo.enable=true op.format.delegateIEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome op.format.delegateIEtoken.loginRequest.enable=true op.format.delegateIEtoken.revokeCert=false +op.format.delegateIEtoken.revokeCert.reason=0 op.format.delegateIEtoken.tks.conn=tks1 op.format.delegateIEtoken.update.applet.directory=/usr/share/pki/tps/applets op.format.delegateIEtoken.update.applet.emptyToken.enable=true @@ -686,6 +687,7 @@ op.format.delegateISEtoken.issuerinfo.enable=true op.format.delegateISEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome op.format.delegateISEtoken.loginRequest.enable=true op.format.delegateISEtoken.revokeCert=false +op.format.delegateISEtoken.revokeCert.reason=0 op.format.delegateISEtoken.tks.conn=tks1 op.format.delegateISEtoken.update.applet.directory=/usr/share/pki/tps/applets op.format.delegateISEtoken.update.applet.emptyToken.enable=true @@ -770,6 +772,7 @@ op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f op.format.externalRegAddToToken.update.symmetricKeys.enable=false op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1 op.format.externalRegAddToToken.revokeCert=false +op.format.externalRegAddToToken.revokeCert.reason=0 op.enroll.allowUnknownToken=true op.enroll.mappingResolver=enrollProfileMappingResolver op.enroll.soKey.cuidMustMatchKDD=false @@ -1392,6 +1395,7 @@ op.format.cleanToken.issuerinfo.enable=true op.format.cleanToken.issuerinfo.value= op.format.cleanToken.loginRequest.enable=true op.format.cleanToken.revokeCert=true +op.format.cleanToken.revokeCert.reason=0 op.format.cleanToken.tks.conn=tks1 op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets op.format.cleanToken.update.applet.emptyToken.enable=true @@ -1413,6 +1417,7 @@ op.format.soCleanSOToken.issuerinfo.enable=true op.format.soCleanSOToken.issuerinfo.value= op.format.soCleanSOToken.loginRequest.enable=false op.format.soCleanSOToken.revokeCert=true +op.format.soCleanSOToken.revokeCert.reason=0 op.format.soCleanSOToken.tks.conn=tks1 op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets op.format.soCleanSOToken.update.applet.emptyToken.enable=true @@ -1434,6 +1439,7 @@ op.format.soCleanUserToken.issuerinfo.enable=true op.format.soCleanUserToken.issuerinfo.value= op.format.soCleanUserToken.loginRequest.enable=false op.format.soCleanUserToken.revokeCert=true +op.format.soCleanUserToken.revokeCert.reason=0 op.format.soCleanUserToken.tks.conn=tks1 op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets op.format.soCleanUserToken.update.applet.emptyToken.enable=true @@ -1455,6 +1461,7 @@ op.format.soKey.issuerinfo.enable=true op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome op.format.soKey.loginRequest.enable=true op.format.soKey.revokeCert=true +op.format.soKey.revokeCert.reason=0 op.format.soKey.tks.conn=tks1 op.format.soKey.update.applet.directory=[TPS_DIR]/applets op.format.soKey.update.applet.emptyToken.enable=true @@ -1476,6 +1483,7 @@ op.format.soUserKey.issuerinfo.enable=true op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome op.format.soUserKey.loginRequest.enable=false op.format.soUserKey.revokeCert=true +op.format.soUserKey.revokeCert.reason=0 op.format.soUserKey.tks.conn=tks1 op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets op.format.soUserKey.update.applet.emptyToken.enable=true @@ -1497,6 +1505,7 @@ op.format.tokenKey.issuerinfo.enable=true op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome op.format.tokenKey.loginRequest.enable=true op.format.tokenKey.revokeCert=true +op.format.tokenKey.revokeCert.reason=0 op.format.tokenKey.tks.conn=tks1 op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets op.format.tokenKey.update.applet.emptyToken.enable=true @@ -1518,6 +1527,7 @@ op.format.userKey.issuerinfo.enable=true op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome op.format.userKey.loginRequest.enable=true op.format.userKey.revokeCert=true +op.format.userKey.revokeCert.reason=0 op.format.userKey.tks.conn=tks1 op.format.userKey.update.applet.directory=[TPS_DIR]/applets op.format.userKey.update.applet.emptyToken.enable=true @@ -1768,7 +1778,7 @@ mappingResolver.formatProfileMappingResolver.mapping.6.filter.appletMinorVersion mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenATR= mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenCUID.end= mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenCUID.start= -mappingResolver.formatProfileMappingResolver.mapping.6.target.tokenType=tokenKey +mappingResolver.formatProfileMappingResolver.mapping.6.target.tokenType=userKey mappingResolver.formatProfileMappingResolver.mapping.order=0,1,2,3,4,5,6 mappingResolver.pinResetProfileMappingResolver.class_id=filterMappingResolverImpl mappingResolver.pinResetProfileMappingResolver.mapping.0.filter.appletMajorVersion= |