Hi
I try to setup GUI authentication with client certificates.
It works fine with this handler:
Certificate:
type: ClientX509
role: User
trust_anchor:
realm: <my-realm>
I can authenticate, the username is the CN, the role is User
Now I would like to have a user database to dynamic assign roles to users.
Therefore I changed handler to
Certificate:
type: ClientX509
user@: connector:auth.connector.userdbX509
arg: CN
trust_anchor:
realm: <my-realm>
and added a connector
userdbX509:
class: Connector::Proxy::YAML
LOCATION: /home/pkiadm/userdbX509.yaml
The user database looks like
John Doe:
role: RA Operator
where ‘John Doe’ is the CN of the certificate
With this configuration I can no longer authenticate: Unknown error (service
default handle message failed)
What’s wrong with my configuration?
Thanks in advance
Thomas
NetSec.co AG
Thomas Gusset
CEO & CTO
Im alten Riet 125, 9494 Schaan, Liechtenstein
https://netsec.co
+423 388 2777 / +423 388 2770 (direkt)
[email protected]<mailto:[email protected]>
https://threema.id/NK3MJMNP
Chat on MS
Teams<https://teams.microsoft.com/l/chat/0/[email protected]>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
