Hi Ronny,

the profiles have so-called "sub styles" and the SCEP workflow uses the "enrollment" style which does not have a UI section - so either change what profile is used or edit the profile sections. Be warned, the workflow is not yet prepared for this and there might be some more problems...

Oliver

On 11.01.19 at 10:55, Ronald Feicht wrote:
> Hi,
>
> I am trying to add the functionality to edit the subject DN and SAN
> information before approving a CSR received through SCEP. So, I
> duplicated certificate_enroll.yaml, changed its prefix and added /
> extended the following states, actions and fields (taken from
> certificate_signing_request_v2) to the workflow:
>
> state:
>     PENDING:
>         label: I18N_OPENXPKI_UI_WORKFLOW_STATE_CSR_PENDING_LABEL
>         description: I18N_OPENXPKI_UI_WORKFLOW_STATE_CSR_PENDING_DESC
>         action:
>           - edit_subject > UPDATE_REQUEST
>           - edit_san > UPDATE_REQUEST
>           - reject_request notify_request_rejected
>             global_set_error_rejected > FAILURE ? global_is_operator
>           - approve_csr calculate_approval_points > RECHECK_APPROVAL ?
>             global_is_operator is_manual_approval_allowed
>           - global_clear_error_code > START_APPROVAL ?
>             is_eligibility_recheck_allowed
>         output:
>           - error_code
>           - server
>           - interface
>           - cert_subject
>           - cert_subject_alt_name
>           - comment
>           - cert_profile
>           - request_mode
>           - is_replace
>           - is_eligible
>           - eligibility_result
>           - transaction_id
>           - signer_cert_identifier
>           - signer_revoked
>           - signer_trusted
>           - signer_authorized
>           - signer_validity_ok
>           - has_valid_challenge_password
>           - has_valid_hmac
>         button:
>             edit_subject:
>                 format: optional
>             edit_san:
>                 format: optional
>             approve_csr:
>                 format: expected
>             global_clear_error_code:
>                 label:
>                     I18N_OPENXPKI_UI_WORKFLOW_BUTTON_ELIGIBILITY_RECHECK_LABEL
>                 format: alternative
>             reject_request:
>                 format: failure
>
>     UPDATE_REQUEST:
>         autorun: 1
>         action:
>           - cancel_approvals render_subject set_workflow_attributes >
>             RECHECK_APPROVAL
>
> ...
>
> action:
>     edit_subject:
>         class: OpenXPKI::Server::Workflow::Activity::Tools::SetSource
>         uihandle: OpenXPKI::Client::UI::Handle::Profile::render_subject_form
>         label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CSR_EDIT_SUBJECT_LABEL
>         description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CSR_EDIT_SUBJECT_DESC
>         input:
>           - cert_subject_parts
>         param:
>             source: USER
>         validator:
>           - global_cert_subject_parts
>           - global_common_name_length
>
>     edit_san:
>         class: OpenXPKI::Server::Workflow::Activity::Tools::SetSource
>         uihandle: OpenXPKI::Client::UI::Handle::Profile::render_subject_form
>         label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CSR_EDIT_SAN_LABEL
>         description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CSR_EDIT_SAN_DESC
>         input:
>           - cert_san_parts
>         param:
>             source: USER
>         validator:
>           - global_cert_san_parts
>
>     render_subject:
>         class: OpenXPKI::Server::Workflow::Activity::Tools::RenderSubject
>         param:
>             _map_cert_profile: $cert_profile
>             _map_cert_subject_style: "[% IF context.cert_subject_style
>                 %][% context.cert_subject_style %][% ELSE %]enroll[% END %]"
>
> ...
>
> field:
>     cert_subject_parts:
>         label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SUBJECT_PARTS_LABEL
>         name: cert_subject_parts
>         description: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SUBJECT_PARTS_DESC
>         placeholder:
>             I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SUBJECT_PARTS_PLACEHOLDER
>         tooltip: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SUBJECT_PARTS_TOOLTIP
>         type: cert_subject
>         required: 0
>
>     cert_san_parts:
>         label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SAN_PARTS_LABEL
>         name: cert_san_parts
>         description: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SAN_PARTS_DESC
>         placeholder:
>             I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SAN_PARTS_PLACEHOLDER
>         tooltip: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERT_SAN_PARTS_TOOLTIP
>         type: cert_san
>         required: 0
>
> ...
>
> When a workflow is received through SCEP it pauses in state "PENDING".
> The buttons "edit subject" and "edit san" are displayed, yet, when I
> press either one a new page is displayed:
> Edit Subject / Certificate Enrollment
> Edit the items in the main subject of the certification request. The
> final subject will be composed from your input based on the selected
> profile and the PKIs policy. You can recheck and edit the subject before
> final submission.
> "continue" "go back" "force failure"
>
> But the input fields and their values are missing. When I press the
> "continue" button the error message "One or more subject fields have
> errors." is displayed on the top of the page. When I click "go back" the
> page returns to the "PENDING" page where I can approve the CSR which is
> then issued correctly. So, everything is working correctly except for
> the missing input fields for editing the subject or SAN. I assume that
> something is missing - maybe in "render_subject" action, but what?
>
> Best regards
> Ronny
>
> --
> *sc synergy GmbH*
> Am Kümmerling 24-26 | 55294 Bodenheim | Deutschland
> Fon: +49 6135 71691 - 000 | Fax: +49 6135 71691 - 199
> http://www.scsynergy.com | [email protected]
> Sitz der Gesellschaft Bodenheim, HRB 8830, Amtsgericht Mainz,
> Geschäftsführer: Christian Reichert
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>

--
Protect your environment - close windows and adopt a penguin!
