[Pki-devel] [PATCH] pki-cfu-0020-TPSRewrite-credential-match-fix.patch

[Christina Fu]

This patch is to fix an issue that Jack reported some time ago regarding 
authentication in Java TPS.
It was speculated that it had to do with ESC and tpsclient not expecting 
same credential names, etc.
(note: I understand that Jack worked out something that was to get him 
through what he was working on, but it was not meant as a permanent 
solution, hence my investigation and separate patch)

I spent some time investigating to find out the root cause and a final 
solution.

Here is what I discovered:
In the old TPS, in case of "ExtendedLoginRequest", the uid/pwd are 
called "UID" and "PASSWORD";
where as in case of "LoginRequest", the uid/pwd are called "screen_name" 
and "password"

In tpsclient, BOTH "ExtendedLoginResponse" and "LoginResponse" are coded 
to put "screen_name".  My suspicion is with the old TPS the 
"ExtendedLoginRequest" never worked.

So, in summary, it's the difference between "extended" and "not 
extended" rather than the clients.  The clients just happened to specify 
extended/not extended by default so it appears that way.

Note: In this patch, I added changes to tpsclient in an attempt to make 
extendedLogin work but I learned later from jack that tpsclient never 
does that, so please ignore that part of the patch.  I made some attempt 
to restore that part of tpsclient with a new patch but couldn't get it.  
I will sort it out with our git experts later.

This works with tpsclient, but I am still waiting for jack to test it 
out with ESC.

thanks,
Christina