authorChristina Fu <cfu@redhat.com>2014-07-24 11:31:10 -0700
committerChristina Fu <cfu@redhat.com>2014-07-24 16:00:04 -0700
commitd088bab2e335d266c465c333dc3f7c316c30bd46 (patch)
tree014ed8a7adc037c2fbbb2606f6e1818e7b98d32e /base
parent16d4e314ba89a28668e04e3b6cf470ced5d0e360 (diff)
authentication fix: fixed issue relating to authentication that
switching between ESC and tpsclient required changing a CS.cfg parameter value and restarting TPS. This fix makes that unnecessary. The actual issue is the difference between "loginRequest" and "extendedLoginRequest".
Diffstat (limited to 'base')
-rw-r--r--base/tps-tomcat/shared/conf/CS.cfg.in6
-rw-r--r--base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java43
-rw-r--r--base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java20
-rw-r--r--base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java14
4 files changed, 59 insertions, 24 deletions
diff --git a/base/tps-tomcat/shared/conf/CS.cfg.in b/base/tps-tomcat/shared/conf/CS.cfg.in
index 57a7866a5..4ae2b222f 100644
--- a/base/tps-tomcat/shared/conf/CS.cfg.in
+++ b/base/tps-tomcat/shared/conf/CS.cfg.in
@@ -41,11 +41,13 @@ auths.instance.ldap1.ui.description.en=This authenticates user against the LDAP
auths.instance.ldap1.ui.id.UID.description.en=LDAP User ID
auths.instance.ldap1.ui.id.UID.name.en=LDAP User ID
auths.instance.ldap1.ui.id.UID.credMap.authCred=uid
-auths.instance.ldap1.ui.id.UID.credMap.msgCred=screen_name
+auths.instance.ldap1.ui.id.UID.credMap.msgCred.extlogin=UID
+auths.instance.ldap1.ui.id.UID.credMap.msgCred.login=screen_name
auths.instance.ldap1.ui.id.PASSWORD.description.en=LDAP Password
auths.instance.ldap1.ui.id.PASSWORD.name.en=LDAP Password
auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
-auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password
+auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD
+auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.login=password
auths.instance.ldap1.dnpattern=
auths.instance.ldap1.ldapByteAttributes=
auths.instance.ldap1.ldapStringAttributes=mail,cn,uid
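Review bot: The template drops the single-valued `credMap.msgCred` key in favour of `msgCred.login` and `msgCred.extlogin`, but nothing in this commit handles an instance that still carries the old key; with the AuthenticationManager change in this same commit, such an instance would log "null or empty" and silently skip the mapping rather than fail loudly, if existing CS.cfg files are not regenerated from this template. A comment beside the new keys would help operators, e.g. `# msgCred.login maps authCred to the field name in a loginRequest response; msgCred.extlogin to the field name in an extendedLoginRequest response`. Whether deployed instances are migrated from CS.cfg.in is not visible here.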
diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java
index 4cfee3e6f..e163bf6b1 100644
--- a/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java
+++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/AuthenticationManager.java
@@ -48,11 +48,13 @@ public class AuthenticationManager
* auths.instance.ldap1.ui.id.PASSWORD.description.en=LDAP Password
* auths.instance.ldap1.ui.id.PASSWORD.name.en=LDAP Password
* auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
- * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.login=password
* auths.instance.ldap1.ui.id.UID.description.en=LDAP User ID
* auths.instance.ldap1.ui.id.UID.name.en=LDAP User ID
* auths.instance.ldap1.ui.id.UID.credMap.authCred=uid
- * auths.instance.ldap1.ui.id.UID.credMap.msgCred=screen_name
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.extlogin=UID
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.login=screen_name
* auths.instance.ldap1.ui.retries=1
*
* # the following are handled by the IAuthManager itself
@@ -222,10 +224,11 @@ public class AuthenticationManager
CMS.debug("AuthenticationManager: createAuthentication(): added param="
+ id);
+ // map the auth mgr required cred to cred name in request message
IConfigStore credMapSub = uiParamSub.getSubStore(id + ".credMap");
if (credMapSub == null) {
CMS.debug("AuthenticationManager: createAuthentication(): conf "
- + uiParamSub.getName() + ".credMapsub" + " null or empty.");
+ + uiParamSub.getName() + ".credMap" + " null or empty.");
continue;
}
String authCred = credMapSub.getString("authCred");
@@ -234,17 +237,37 @@ public class AuthenticationManager
+ credMapSub.getName() + ".authCred" + " null or empty.");
continue;
}
- String msgCred = credMapSub.getString("msgCred");
- if (msgCred.isEmpty()) {
+
+ IConfigStore msgCredSub = credMapSub.getSubStore("msgCred");
+ if (msgCredSub == null) {
CMS.debug("AuthenticationManager: createAuthentication(): conf "
- + credMapSub.getName() + ".msgCred" + " null or empty.");
+ + uiParamSub.getName() + ".msgCred" + " null or empty.");
continue;
}
- // map the auth mgr required cred to cred name in request message
- auth.setCredMap(authCred, msgCred);
- CMS.debug("AuthenticationManager: createAuthentication(): added cred map="
- + authCred + ":" + msgCred);
+ String msgCred_login = msgCredSub.getString("login");
+ if (msgCred_login.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf "
+ + msgCredSub.getName() + ".login" + " null or empty.");
+ continue;
+ }
+ auth.setCredMap(authCred, msgCred_login,
+ false /* not extendedLogin*/);
+ CMS.debug("AuthenticationManager: createAuthentication(): added cred map_login="
+ + authCred + ":" + msgCred_login);
+
+ String msgCred_extlogin = msgCredSub.getString("extlogin");
+ if (msgCred_extlogin.isEmpty()) {
+ CMS.debug("AuthenticationManager: createAuthentication(): conf "
+ + msgCredSub.getName() + ".extlogin" + " null or empty.");
+ continue;
+ }
+
+ auth.setCredMap(authCred, msgCred_extlogin,
+ true /* extendedLogin*/);
+ CMS.debug("AuthenticationManager: createAuthentication(): added cred map_extlogin="
+ + authCred + ":" + msgCred_extlogin);
+
}
Integer retries = uiSub.getInteger("retries", 1);
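Review bot: The debug message in the `msgCredSub == null` branch names `uiParamSub.getName() + ".msgCred"`, but the substore was fetched from `credMapSub`, so the logged path is wrong; use `credMapSub.getName() + ".msgCred"` as the `authCred` branch above does. More importantly, both new `continue` statements leave the authenticator partially configured: a missing `login` key skips the `extlogin` mapping for the same parameter as well, and a missing `extlogin` leaves only the login half registered, so the problem surfaces later as a null field name in TPSProcessor.mapCredFromMsgResponse rather than at configuration time. Consider treating a missing mapping as a configuration error (raising, if createAuthentication can propagate one) instead of continuing. Whether `getString` returns null or throws for an absent key is not visible here, so the `isEmpty()` checks may also need a null guard. The enclosing createAuthentication method begins and ends outside this hunk.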
diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java
index 8083343f5..4c7bcef0f 100644
--- a/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java
+++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/authentication/TPSAuthenticator.java
@@ -54,7 +54,8 @@ public class TPSAuthenticator {
* auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
* auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password
*/
- private HashMap<String, String> credMap;
+ private HashMap<String, String> credMap_login;
+ private HashMap<String, String> credMap_extlogin;
// retries if the user entered the wrong password/securid
private int maxLoginRetries = 1;
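Review bot: The Javadoc example immediately above the new fields (`* auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password`) still documents the single-valued key this commit replaces, so the comment now contradicts the CS.cfg.in template and the two maps it describes. Update it to the new pair, `credMap.msgCred.login=password` and `credMap.msgCred.extlogin=PASSWORD`, and add one line per field stating which request type it serves, e.g. `// authCred -> field name in a loginRequest response` and `// authCred -> field name in an extendedLoginRequest response`. The field declarations sit inside the TPSAuthenticator class body, whose header is outside this hunk.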
@@ -73,7 +74,8 @@ public class TPSAuthenticator {
uiTitle = new HashMap<String, String>();
uiDescription = new HashMap<String, String>();
uiParameters = new HashMap<String, AuthUIParameter>();
- credMap = new HashMap<String, String>();
+ credMap_login = new HashMap<String, String>();
+ credMap_extlogin = new HashMap<String, String>();
}
public String getID() {
@@ -112,12 +114,18 @@ public class TPSAuthenticator {
return uiParameters;
}
- public void setCredMap(String authCred, String msgCred) {
- credMap.put(authCred, msgCred);
+ public void setCredMap(String authCred, String msgCred, boolean extLogin) {
+ if (extLogin)
+ credMap_extlogin.put(authCred, msgCred);
+ else
+ credMap_login.put(authCred, msgCred);
}
- public String getCredMap(String authCred) {
- return credMap.get(authCred);
+ public String getCredMap(String authCred, boolean extLogin) {
+ if (extLogin)
+ return credMap_extlogin.get(authCred);
+ else
+ return credMap_login.get(authCred);
}
public int getNumOfRetries() {
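Review bot: `setCredMap` and `getCredMap` each repeat the same `if (extLogin) … else …` selection over the two maps; picking the map once reads more clearly and keeps the two methods from drifting: `HashMap<String, String> map = extLogin ? credMap_extlogin : credMap_login;` followed by `map.put(authCred, msgCred);` or `return map.get(authCred);`. `getCredMap` also returns null when no mapping exists for that login type and its caller in TPSProcessor uses the result directly, so document that: `/** Returns the request-message field mapped to authCred for the given login type, or null if none is configured. */`. Both methods are complete within the hunk; the surrounding class is not.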
diff --git a/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 735ebc248..22fb5734b 100644
--- a/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps-tomcat/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -748,17 +748,19 @@ public class TPSProcessor {
* with mapped values from client
* configuration example:
*
- * auths.instance.ldap1.ui.id.UID.credMap.msgCred=screen_name
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.extlogin=UID
+ * auths.instance.ldap1.ui.id.UID.credMap.msgCred.login=screen_name
* auths.instance.ldap1.ui.id.UID.credMap.authCred=uid
*
- * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred=password
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD
+ * auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.login=password
* auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
*
* @param response the message response to be mapped
* @param auth the authentication for mapping consultation
* @return IAuthCredentials auth credential for auth manager
*/
- public IAuthCredentials mapCredFromMsgResponse(TPSMessage response, TPSAuthenticator auth)
+ public IAuthCredentials mapCredFromMsgResponse(TPSMessage response, TPSAuthenticator auth, boolean extendedLogin)
throws EBaseException {
CMS.debug("TPSProcessor.mapCredFromMsgResponse");
if (response == null || auth == null) {
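Review bot: The signature gains an `extendedLogin` parameter but the Javadoc above it still lists only `@param response` and `@param auth`, so the flag that now selects between the two credential maps is undocumented. Add `@param extendedLogin true to use the extendedLoginRequest (extlogin) mapping, false for the loginRequest (login) mapping`. The method body continues past the end of this hunk.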
@@ -770,7 +772,7 @@ public class TPSProcessor {
String[] requiredCreds = auth.getAuthManager().getRequiredCreds();
for (String cred : requiredCreds) {
- String name = auth.getCredMap(cred);
+ String name = auth.getCredMap(cred, extendedLogin);
login.set(cred, response.get(name));
}
@@ -813,7 +815,7 @@ public class TPSProcessor {
throw e;
}
- IAuthCredentials login = mapCredFromMsgResponse(loginResp, auth);
+ IAuthCredentials login = mapCredFromMsgResponse(loginResp, auth, true /*extendedLogin*/);
return login;
}
@@ -849,7 +851,7 @@ public class TPSProcessor {
throw e;
}
- IAuthCredentials login = mapCredFromMsgResponse(loginResp, auth);
+ IAuthCredentials login = mapCredFromMsgResponse(loginResp, auth, false /*not extendedLogin*/);
return login;
}