Hello, I am trying to figure out the configuration for the X509 authentication and am wondering if somebody can help me out.
I'm currently running into the following issues: 1) I don't know how the "ca-one-x509-roles.yaml" file is supposed to be formatted. I followed the instructions from https://sourceforge.net/p/openxpki/mailman/message/35827782/ and they mention the following configuration format: Joerg Eckert: RA Operator Using this format stops the server from starting due to the following error: 2019/02/08 13:32:28 FATAL Exception during server initialization: I18N_OPENXPKI_SERVER_INIT_TASK_INIT_FAILURE; __EVAL_ERROR__ => requested value is not a scalar at /usr/share/perl5/Connector/Proxy/YAML.pm line$ ; __task__ => authentication (I18N_OPENXPKI_SERVER_INIT_TASK_INIT_FAILURE; __task__ => authentication; __EVAL_ERROR__ => requested value is not a scalar at /usr/share/perl5/Connector/Proxy/YAML.pm line 78. Trace begun at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Init.pm line 126 OpenXPKI::Server::Init::init('HASH(0x2d2b740)') called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server.pm line 63 eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server.pm line 53 OpenXPKI::Server::__init_server('OpenXPKI::Server=HASH(0x43d9280)') called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server.pm line 109 OpenXPKI::Server::start('OpenXPKI::Server=HASH(0x43d9280)') called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Control.pm line 228 eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Control.pm line 223 OpenXPKI::Control::start('HASH(0x2132e78)') called at /usr/bin/openxpkictl line 115 ) [pid=19834|] 2) When using the Signature handler (Certificate Challenge/Response) the following log output is generated in the webui.log file: 2019/02/08 16:27:38 current session status GET_AUTHENTICATION_STACK [pid=21306|sid=1678] 2019/02/08 16:27:38 not logged in - doing auth - page is - action is login!stack [pid=21306|sid=1678] 2019/02/08 16:27:38 set auth_stack in session: Certificate via Webserver [pid=21306|sid=1678] 2019/02/08 16:27:38 Authentication stack: Certificate via Webserver [pid=21306|sid=1678] 2019/02/08 16:27:38 Selected realm , new status GET_CLIENT_X509_LOGIN [pid=21306|sid=1678] 2019/02/08 16:27:38 Requested login type CLIENT_X509 [pid=21306|sid=1678] 2019/02/08 16:27:38 unhandled error during auth [pid=21306|sid=1678] 2019/02/08 16:27:38 request handled [pid=21306|sid=1678] 2019/02/08 16:27:38 uncaught application error [pid=21306|sid=1678] >From what I understand from the source code, the login handler has not been >called. In the handle_login function in UI.pem no $reply has been generated >and the request just falls through until the end of the function where the >"uncaught application error" line is being printed. So the part below "} elsif ( $login_type eq 'CLIENT_X509' ) {" doesn't seem to be executed and thus a login with the X509 does not seem to be possible regardless of the configuration. I'd be grateful for any help. Thank you. Kind regards Simon Wessel Working Student Bereich Compliance & Information Security E-Mail: [email protected]<mailto:[email protected]> Web: www.adesso-service.com<http://www.adesso-service.com/> adesso as a service GmbH Stockholmer Allee 24 44269 Dortmund adesso as a service GmbH · Sitz der Gesellschaft: Dortmund · Amtsgericht Dortmund HRB 25321 · Geschäftsführer: Stefan Schmitt, Christopher Schmelter
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
