Hi Thomas,

I had a quick look at the code and it looks like the docs are incomplete :)
The user database must return a value for the "username" attribute, so can you please try adding the key "username" to the YAML file and try again?

best regards

Oliver


On 18.08.23 15:09, Thomas Gusset wrote:

Hi

I am trying to set up GUI authentication with client certificates.

It works fine with this handler:

Certificate:

    type: ClientX509

    role: User

    trust_anchor:

        realm: <my-realm>

I can authenticate, the username is the CN, the role is User

Now I would like to have a user database to dynamically assign roles to users.

Therefore I changed the handler to

Certificate:

    type: ClientX509

    user@: connector:auth.connector.userdbX509

    arg: CN

    trust_anchor:

        realm: <my-realm>

and added a connector

userdbX509:

    class: Connector::Proxy::YAML

    LOCATION: /home/pkiadm/userdbX509.yaml

The user database looks like

John Doe:

  role: RA Operator

where ‘John Doe’ is the CN of the certificate

With this configuration I can no longer authenticate: Unknown error (service default handle message failed)

What’s wrong with my configuration?

Thanks in advance

Thomas

NetSec.co AG

Thomas Gusset

CEO & CTO

Im alten Riet 125, 9494 Schaan, Liechtenstein

https://netsec.co

+423 388 2777 / +423 388 2770 (direkt)

https://threema.id/NK3MJMNP



_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users


--
Protect your environment -  close windows and adopt a penguin!
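
The user database file from the question with the suggestion from the reply applied, as an added example that is not part of the original thread. The value `jdoe` is a constructed sample; the thread only states that a "username" key must be present.

```yaml
# /home/pkiadm/userdbX509.yaml (path taken from the question)
# The top-level key is the lookup key selected by "arg: CN" in the handler,
# i.e. the CN of the client certificate.
John Doe:
  # Added per the reply: the lookup result must contain a "username"
  # attribute. "jdoe" is a constructed sample value.
  username: jdoe
  # Unchanged from the question.
  role: RA Operator
```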