Hi Timo, Martin, we unfortunately had to break the backward compatibility to the old sample config (for the first time in three years...).
Sorry for breaking things, I assumed stating this in the Release Post would be sufficient (https://sourceforge.net/p/openxpki/mailman/message/36595826/) but if you have other suggestions on how to communicate this I appreciate your input. Oliver Am 01.03.19 um 16:31 schrieb Martin Krämer: > Hi, > > I had the same topic with an instance running since approx Oct 2018. > I set up a new test instance and tried to reproduce the problem without > success. > Never the less I could compare configuration of both instances and found > that after changing the code you described as follows everything worked > as expected: > > Certificate: > type: ClientX509 > label: Certificate > description: > I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_CERTIFICATE_WEBSERVER > role: User > realm: ca-one > > furthermore I had to comment out the following part of handler.yaml: > > #Signature: > # type: ChallengeX509 > # label: Signature > # description: I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_SIGNATURE > # challenge_length: 256 > # role: > # default: 'User' > # handler@: connector:auth.connector.role > # argument: cn > # # define your trust anchors here > # # Allows every known user of the realm to login > # realm: > # - ca-one > # cacert: > # - list of extra cert identifiers > > After this i restarted openxpkid service and everything running fine > again. :) > > > Am Fr., 1. März 2019 um 15:03 Uhr schrieb Klimmeck, Timo > <[email protected] > <mailto:[email protected]>>: > > Hi everyone,____ > > __ __ > > it seems like there is something wrong with how I modified > handler.yaml in auth.____ > > If I try to write the role section like in the docs:____ > > __ __ > > Certificate:____ > > type: ClientX509____ > > label: Certificate____ > > description: > I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_CERTIFICATE_WEBSERVER____ > > role:____ > > default: User____ > > handler@: connector:auth.connector.role____ > > argument: cn____ > > realm:____ > > - ca-one____ > > __ __ > > We get, for both ClientX509 and ChallengeX509, the following error:____ > > __ __ > > ==> /var/log/openxpki/openxpki.log <==____ > > 2019/03/01 14:58:38 FATAL Eval error during initialization task > 'authentication': requested value is not a scalar $VAR1 = {____ > > 'argument' => 'cn',____ > > 'default' => 'User',____ > > 'handler' => \'connector:auth.connector.role'____ > > };____ > > [pid=4209|]____ > > __ __ > > Could you please tell me, if we forgot something in the > configuration?____ > > __ __ > > Thank you so much in advance.____ > > __ __ > > Best Regards,____ > > *Timo Klimmeck > *Werkstudent > Bereich Compliance & Information Security ____ > > E-Mail: [email protected] > <mailto:[email protected]> > Web: www.adesso-service.com > > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.adesso-2Dservice.com_&d=DwMFAw&c=-5LgSL_TkF3nGRQI95ci6eeFVMQ5VESHPf5koMIAxOA&r=-l-tJnueMWRiaos9gBffxHHLVl_WzKcuHi45sOCo81A&m=L6iYYqGNGpeGXwLKwi1kkJEK97zcuWJ_BGjLPCRKu_E&s=O2FSJp5aFkurWC4ZGwoi-8oLsZWERGTuBDdO14mLhsw&e=>____ > > ____ > > adesso as a service GmbH > Stockholmer Allee 24 > 44269 Dortmund____ > > > adesso as a service GmbH *·* Sitz der Gesellschaft: > Dortmund *·* Amtsgericht Dortmund HRB 25321 *·*Geschäftsführer: > Stefan Schmitt, Christopher Schmelter____ > > __ __ > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
