<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Endi,<br>
First of all, thank you for your patience on IRC.<br>
<br>
Here is a summary of my comments/questions:<br>
* I asked if the login/logout thing can be applied to the other
subsystems' agent interface<br>
- you said yes. I filed a separate ticket to do later:<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/902">https://fedorahosted.org/pki/ticket/902</a> - Login &amp; logout
link/page for CA, KRA, OCSP, TKS<br>
<br>
* I asked whether the logout() event can be signalled into the cs
service so the event can be audited. You pondered on some idea, but
I put a note in the new ticket so we can look at it later.<br>
<br>
* I asked if window.crypto.logout stuff works for IE as well (we are
required to support IE, as I understand it)?<br>
- I did a quick search and it seems like IE does not support it,
but you can do the following:<br>
document.execCommand('ClearAuthenticationCache');<br>
If the research is going to take a long time, then feel free to
file a separate ticket to take care of it later. Otherwise, please
make sure IE is supported.<br>
<br>
* I asked where the roles under &lt;role-name&gt;*&lt;/role-name&gt;
are checked.<br>
- You explained to me that it's checked under ACLInterceptor, where
the list of roles is obtained using PKIRealm which takes
acl.properties in for the resource/action acl mapping, and which
correctly used the same underlying group/user framework that's used
by the pre-existing non-rest servlets.<br>
<br>
* I asked why &lt;login-config&gt; does not need an
&lt;auth-method&gt;xxx&lt;/auth-method&gt; definition in the web.xml<br>
- You explained that this is because you have a fallback authenticator
called SSLAuthenticatorWithFallback (specified in
tps-tomcat/shared/conf/Catalina/localhost/tps.xml) which looks into
auth-method.properties to check for the correct authentication method
for each op.<br>
<br>
Since the first two items are already captured in the new ticket, I
think only the 3rd item needs to be considered for either immediate
addressing or filing for a new ticket. It's up to you.<br>
<br>
That's all I have.<br>
thanks,<br>
Christina<br>
<br>
<div class="moz-cite-prefix">On 03/10/2014 03:42 PM, Endi Sukma
Dewata wrote:<br>
</div>
<blockquote cite="mid:531E3FDD.9000706@redhat.com" type="cite">The
TPS UI has been modified to provide an unprotected front page.
<br>
The main TPS UI has been moved into a protected area. The front
<br>
page provides a login button which when clicked will ask the user
<br>
to authenticate with the client certificate. If the authentication
<br>
is successful, the main page will appear. There is also a logout
<br>
link on the upper right corner of the main page. When clicked it
<br>
will destroy both the client and server sessions.
<br>
<br>
Ticket #846
<br>
</blockquote>
<br>
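Added example (not part of the original message or of the PKI code base): the two browser-specific calls named in the third item, wrapped in feature detection so a single logout handler covers both the window.crypto.logout() path and the IE ClearAuthenticationCache path. The function names, the win/doc parameters and the endServerSession callback are assumptions made for illustration.<br>

```javascript
// Added example, not TPS UI code. `win` and `doc` are passed in (instead of
// using the globals directly) so the logic can be exercised outside a browser.
function clearClientAuthState(win, doc) {
  // Legacy Mozilla API: drops the cached SSL client-auth session.
  if (win.crypto) {
    if (typeof win.crypto.logout === 'function') {
      try {
        win.crypto.logout();
        return 'crypto.logout';
      } catch (e) {
        // API present but failed: fall through to the next mechanism.
      }
    }
  }
  // Internet Explorer: execCommand returns true when the cache was cleared.
  if (typeof doc.execCommand === 'function') {
    try {
      if (doc.execCommand('ClearAuthenticationCache') === true) {
        return 'ClearAuthenticationCache';
      }
    } catch (e) {
      // Browsers that do not know the command may throw instead of
      // returning false.
    }
  }
  // Nothing worked: the browser will keep presenting the client
  // certificate until it is closed.
  return 'none';
}

// endServerSession is a hypothetical callback that invalidates the
// server-side session (for example a request to the logout resource).
function logout(win, doc, endServerSession) {
  endServerSession();
  var method = clearClientAuthState(win, doc);
  return { method: method, closeBrowserNeeded: method === 'none' };
}
```

When closeBrowserNeeded is true, the page can tell the user to close the browser to finish logging out, since only the server session was destroyed.<br>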
</body>
</html>