This patch addresses:
https://fedorahosted.org/pki/ticket/2498 Token format with external reg
fails when op.format.externalRegAddToToken.revokeCert=true
It actually could be easily worked around by manually adding the missing
params
op.format.externalRegAddToToken.auth.id=ldap1
op.format.externalRegAddToToken.ca.conn=ca1
op.format.externalRegAddToToken.tks.conn=tks1
While fixing the CS.cfg, it was observed that there were some references
of non-defined ldap2 and ldap3, so they are also changed to ldap1.
A couple useful debug messages are added as well.
Christina
>From 9d91230e99e6d96fd19e18e83b356c8bcbe20f52 Mon Sep 17 00:00:00 2001
From: Christina Fu
Date: Mon, 10 Oct 2016 16:05:26 -0700
Subject: [PATCH] Ticket #2498 Token format with external reg fails when
op.format.externalRegAddToToken.revokeCert=true This patch adds the missing
parameters in the CS.cfg for externalRegAddToToken in regards to format
operation. It also changed the non-defined ldap2 and ldap3 and ldap1
---
base/tps/shared/conf/CS.cfg| 18 +++---
.../server/tps/processor/TPSEnrollProcessor.java | 3 ++-
.../dogtagpki/server/tps/processor/TPSProcessor.java | 1 +
3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index d5d9daf00c22d4ac5298443b45952d6094817327..a585e5db7f587a769e775d08a65d26481d3aab31 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -463,7 +463,7 @@ op.format.delegateIEtoken.minimumGPKeyVersion=01
op.format.delegateIEtoken.maximumGPKeyVersion=FF
op.format.delegateIEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.format.delegateIEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateIEtoken.auth.id=ldap3
+op.format.delegateIEtoken.auth.id=ldap1
op.format.delegateIEtoken.ca.conn=ca1
op.format.delegateIEtoken.cardmgr_instance=A3
op.format.delegateIEtoken.issuerinfo.enable=true
@@ -761,7 +761,7 @@ op.format.delegateISEtoken.minimumGPKeyVersion=01
op.format.delegateISEtoken.maximumGPKeyVersion=FF
op.format.delegateISEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.format.delegateISEtoken.validateCardKeyInfoAgainstTokenDB=true
-op.format.delegateISEtoken.auth.id=ldap3
+op.format.delegateISEtoken.auth.id=ldap1
op.format.delegateISEtoken.ca.conn=ca1
op.format.delegateISEtoken.cardmgr_instance=A3
op.format.delegateISEtoken.issuerinfo.enable=true
@@ -857,17 +857,21 @@ op.format.externalRegAddToToken.minimumGPKeyVersion=01
op.format.externalRegAddToToken.maximumGPKeyVersion=FF
op.format.externalRegAddToToken.rollbackKeyVersionOnPutKeyFailure=false
op.format.externalRegAddToToken.validateCardKeyInfoAgainstTokenDB=true
+op.format.externalRegAddToToken.auth.id=ldap1
+op.format.externalRegAddToToken.ca.conn=ca1
op.format.externalRegAddToToken.cardmgr_instance=A3
op.format.externalRegAddToToken.issuerinfo.enable=true
op.format.externalRegAddToToken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
+op.format.externalRegAddToToken.loginRequest.enable=true
+op.format.externalRegAddToToken.revokeCert=false
+op.format.externalRegAddToToken.revokeCert.reason=0
+op.format.externalRegAddToToken.tks.conn=tks1
op.format.externalRegAddToToken.update.applet.directory=/usr/share/pki/tps/applets
op.format.externalRegAddToToken.update.applet.emptyToken.enable=true
op.format.externalRegAddToToken.update.applet.encryption=true
op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f
op.format.externalRegAddToToken.update.symmetricKeys.enable=false
op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
-op.format.externalRegAddToToken.revokeCert=false
-op.format.externalRegAddToToken.revokeCert.reason=0
op.enroll.allowUnknownToken=true
op.enroll.mappingResolver=enrollProfileMappingResolver
op.enroll.soKey.cuidMustMatchKDD=false
@@ -877,7 +881,7 @@ op.enroll.soKey.maximumGPKeyVersion=FF
op.enroll.soKey.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.soKey.validateCardKeyInfoAgainstTokenDB=true
op.enroll.soKey.auth.enable=true
-op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.auth.id=ldap1
op.enroll.soKey.cardmgr_instance=A3
op.enroll.soKey.issuerinfo.enable=true
op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
@@ -1030,7 +1034,7 @@ op.enroll.soKeyTemporary.maximumGPKeyVersion=FF
op.enroll.soKeyTemporary.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.soKeyTemporary.validateCardKeyInfoAgainstTokenDB=true
op.enroll.soKeyTemporary.auth.enable=true
-op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.auth.id=ldap1
op.enroll.soKeyTemporary.cardmgr_instance=A3
op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
@@ -1611,7 +1615,7 @@ op.format.soKey.maximumGPKeyVersion=FF
op.format.soKey.rollbackKey