From b099b631bb49e17e0aa4cd8c7a818ba1c923ec92 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Wed, 8 Feb 2017 12:18:03 +1000 Subject: Add authn manager that reuses auth token from session To process a cert request immediately (rather than having it queued as pending), the user must be authenticated *by the profile*; auth tokens from the main authentication system are not used. For external authentication support it is possible that the external authentication is sufficient to authenticate use of a problem; especially when the profile uses componenets like ExternalProcessConstraint to perform validation of the cert request against external sources of information. To support this use case, add the SessionAuthentication profile authenticator, which merely reuses the IAuthToken from the session context, if present. Part of: https://pagure.io/dogtagpki/issue/1359 --- base/ca/shared/conf/CS.cfg | 2 ++ 1 file changed, 2 insertions(+) (limited to 'base/ca') diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg index e8003603b..392331952 100644 --- a/base/ca/shared/conf/CS.cfg +++ b/base/ca/shared/conf/CS.cfg @@ -175,6 +175,7 @@ auths.impl.UidPwdGroupDirAuth.class=com.netscape.cms.authentication.UidPwdGroupD auths.impl.UserPwdDirAuth.class=com.netscape.cms.authentication.UserPwdDirAuthentication auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication auths.impl.FlatFileAuth.class=com.netscape.cms.authentication.FlatFileAuth +auths.impl.SessionAuthentication.class=com.netscape.cms.authentication.SessionAuthentication auths.instance.TokenAuth.pluginName=TokenAuth auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents auths.instance.AgentCertAuth.pluginName=AgentCertAuth @@ -183,6 +184,7 @@ auths.instance.raCertAuth.pluginName=AgentCertAuth auths.instance.flatFileAuth.pluginName=FlatFileAuth auths.instance.flatFileAuth.fileName=[PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_TYPE]/flatfile.txt auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth +auths.instance.SessionAuthentication.pluginName=SessionAuthentication auths.revocationChecking.bufferSize=50 auths.revocationChecking.ca=ca auths.revocationChecking.enabled=true -- cgit