Hi,
I had the same topic with an instance running since approx Oct 2018.
I set up a new test instance and tried to reproduce the problem without
success.
Never the less I could compare configuration of both instances and found
that after changing the code you described as follows everything worked as
expected:
Certificate:
type: ClientX509
label: Certificate
description:
I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_CERTIFICATE_WEBSERVER
role: User
realm: ca-one
furthermore I had to comment out the following part of handler.yaml:
#Signature:
# type: ChallengeX509
# label: Signature
# description: I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_SIGNATURE
# challenge_length: 256
# role:
# default: 'User'
# handler@: connector:auth.connector.role
# argument: cn
# # define your trust anchors here
# # Allows every known user of the realm to login
# realm:
# - ca-one
# cacert:
# - list of extra cert identifiers
After this i restarted openxpkid service and everything running fine again.
:)
Am Fr., 1. März 2019 um 15:03 Uhr schrieb Klimmeck, Timo <
[email protected]>:
> Hi everyone,
>
>
>
> it seems like there is something wrong with how I modified handler.yaml in
> auth.
>
> If I try to write the role section like in the docs:
>
>
>
> Certificate:
>
> type: ClientX509
>
> label: Certificate
>
> description:
> I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_CERTIFICATE_WEBSERVER
>
> role:
>
> default: User
>
> handler@: connector:auth.connector.role
>
> argument: cn
>
> realm:
>
> - ca-one
>
>
>
> We get, for both ClientX509 and ChallengeX509, the following error:
>
>
>
> ==> /var/log/openxpki/openxpki.log <==
>
> 2019/03/01 14:58:38 FATAL Eval error during initialization task
> 'authentication': requested value is not a scalar $VAR1 = {
>
> 'argument' => 'cn',
>
> 'default' => 'User',
>
> 'handler' => \'connector:auth.connector.role'
>
> };
>
> [pid=4209|]
>
>
>
> Could you please tell me, if we forgot something in the configuration?
>
>
>
> Thank you so much in advance.
>
>
>
> Best Regards,
>
>
> *Timo Klimmeck *Werkstudent
> Bereich Compliance & Information Security
>
> E-Mail: [email protected]
> Web: www.adesso-service.com
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.adesso-2Dservice.com_&d=DwMFAw&c=-5LgSL_TkF3nGRQI95ci6eeFVMQ5VESHPf5koMIAxOA&r=-l-tJnueMWRiaos9gBffxHHLVl_WzKcuHi45sOCo81A&m=L6iYYqGNGpeGXwLKwi1kkJEK97zcuWJ_BGjLPCRKu_E&s=O2FSJp5aFkurWC4ZGwoi-8oLsZWERGTuBDdO14mLhsw&e=>
>
>
>
> adesso as a service GmbH
> Stockholmer Allee 24
> 44269 Dortmund
>
>
> adesso as a service GmbH *·* Sitz der Gesellschaft: Dortmund *·* Amtsgericht
> Dortmund HRB 25321 *·* Geschäftsführer: Stefan Schmitt, Christopher
> Schmelter
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
