Hi Thank you for your answer. Finally, I set up Basic Authentication + LDAP provider in Apache server, because /etc/apache2/conf-enabled/openxpki.conf file is bind from host to Docker container in your docker-compose file out of the box. After successful authentication, I use a new auth stack with a new handler with a fixed password and the same role as via GUI login.
Lukasz > On 16 May 2019, at 07:00, Oliver Welter <[email protected]> wrote: > > Hi Lukasz, > > the RPC wrapper can not handle authentication yet - if you want to > implement such you need to grab the authentication information from the > request and pass it to the constructor of OpenXPKI::Client::Simple in > line 55 og rpc.fcgi. > > Oliver > > Am 15.05.19 um 08:20 schrieb Łukasz Gajowiak: >> Hello >> I want to secure RPC endpoint in OpenXPKI. By now I have created new >> authentication stack, new handler using LDAP and new role. Login from GUI >> works perfect - I use users credentials from LDAP and everything is working >> as intended. Now I would like to use the same role for certificate >> enrollment using RPC. In rpc/default.conf file there is a section: >> >> [auth] >> stack = _System >> >> and I can change "_System" to my new stack, but I have no idea how to pass >> user credentials. So far I have noticed that when I do >> >> [auth] >> stack = myStack >> user = user name from LDAP >> pass = user password from LDAP >> >> in rpc/default.conf file, it works, but everyone who knows HTTP URI could >> enroll the certificate. Do you have any solution about how to pass user and >> password needed by a handler in an HTTP request? >> >> Lukasz >> >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> > > > -- > Protect your environment - close windows and adopt a penguin! > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
