Hello Antonio,
if you see a state PENDING, the MAC signature was accepted. The example
eligibility code generates the required approval point if the FQDN used
as the common name ends in "openxpki.test". I am pretty sure you will
see the certificate being issued when you use such a CSR. If you want to
approve any request having a valid HMAC, just set the value in the
eligibility initial section to a literal "1" as seen in the other
sections. For more details please have a look at the quite extensive
documentation here
https://openxpki.readthedocs.io/en/stable/reference/configuration/workflows/enroll.html.
Oliver
Regarding a donation: I appreciate this but I do the community support
for fun. If you feel you want to give back something, make a donation to
the United Nations educational program or some other NGO around you feel
comfortable with.
On 12.08.23 22:47, Antonio Gamboa wrote:
Hello Oliver.
I really appreciate your support. I was able to authenticate the RPC
request.
Now, I want to auto-approve the request based on the Eligibility
criteria set in the *my-realm/rpc/enroll.yaml:*
eligible:
    initial:
        value@: connector:rpc.enroll.connector.intranet
        args: '[% context.url_mac %]'
    renewal:
        value: 1
    onbehalf:
        value: 1

connector:
    intranet:
        class: OpenXPKI::Connector::Regex
        LOCATION: \w+\.openxpki.test(:[\w]+)?\z
macs:
In the RPC request:
POST /rpc/enroll?mac=demo.openxpki.test HTTP/1.1
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Host: localhost:8443
Content-Length: 1195
method=RequestCertificate&
pkcs10={CSR}&
comment=test&
signature=a254eb2c1b2087ef190024cc7a3edfb75454a7c77bf8ce0badabeb54bfc2adb7
I am just testing the functionality but have not been successful. I
set the mac in query string with a valid string (must pass the regex
evaluation)
This is the RPC response I receive:
{
    "result": {
        "pid": 1313,
        "retry_after": 300,
        "data": {
            "error_code": "Request was not approved",
            "transaction_id": "b760bc72a3a4281c1550df20c2814d52a5e6b92a"
        },
        "proc_state": "manual",
        "state": "PENDING",
        "id": 6143
    }
}
What am I missing?
An apology for being such a nuisance. If you are able to
receive donations, I would like to support with a donation.
Best regards.
On Sun, 6 Aug 2023 at 1:03, Oliver Welter (<m...@oliwel.de>) wrote:
Hello Antonio,
the HMAC Secret is defined in the rpc/enroll.yaml configuration and the
expected value is an HMAC256 (hex notation) of the DER encoded CSR.
best regards
Oliver
On 05.08.23 06:36, Antonio Gamboa wrote:
> Hi Oliver.
>
> I could set up the RPC API successfully, thanks.
>
> But I have the following question: how could I create the signature
> parameter in the RPC request? It is the HMAC authentication, right?
> I want to send this signature to make an authenticated request in
> order to avoid manual authorization in the UI
>
>
> Best regards.
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> OpenXPKI-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
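
Added example (not part of the thread and not OpenXPKI code): computing the signature value described in the 6 Aug reply, HMAC-SHA256 in hex over the DER-encoded CSR, and form-encoding it with the fields from the request shown in the thread. The function names, the placeholder secret and the stand-in CSR bytes are constructed for illustration; using the configured secret's raw bytes as the HMAC key is an assumption.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import urlencode

PEM_RE = re.compile(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.+?)"
                    r"-----END (?:NEW )?CERTIFICATE REQUEST-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and base64-decode the body to raw DER bytes."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate request found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes in CSR armor, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + body +
            "\n-----END CERTIFICATE REQUEST-----\n")


def csr_signature(pem: str, secret: bytes) -> str:
    """HMAC-SHA256 over the DER bytes (not the PEM text), lowercase hex."""
    return hmac.new(secret, pem_to_der(pem), hashlib.sha256).hexdigest()


def build_body(pem: str, secret: bytes, comment: str = "test") -> str:
    """Form-encode the fields; urlencode escapes '+', '/', '=' and newlines."""
    return urlencode({"method": "RequestCertificate", "pkcs10": pem,
                      "comment": comment,
                      "signature": csr_signature(pem, secret)})


def verify(pem: str, signature: str, secret: bytes) -> bool:
    """Receiver-side check using a constant-time comparison."""
    return hmac.compare_digest(csr_signature(pem, secret), signature.lower())


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real CSR; the secret is a placeholder.
    pem = der_to_pem(b"constructed placeholder DER bytes")
    print(build_body(pem, b"placeholder-secret"))
```

Signing the PEM text instead of the decoded DER bytes, or posting the PEM without URL-encoding so that "+" arrives as a space, both produce a signature mismatch.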