[Pki-devel] [PATCH] pki-cfu-0020-TPSRewrite-credential-match-fix.patch
Christina Fu
cfu at redhat.com
Sat Jul 19 01:16:20 UTC 2014
Thanks to jack for helping me test.
After much consideration, I think I will add my changes on top of his
last patch instead to make things speedier on both sides.
So, please don't review this patch...
thanks,
Christina
On 07/18/2014 09:22 AM, Christina Fu wrote:
> and here is the patch.
>
> On 07/18/2014 09:18 AM, Christina Fu wrote:
>> This patch is to fix an issue that Jack reported some time ago
>> regarding authentication in Java TPS.
>> It was speculated that it had to do with ESC and tpsclient not
>> expecting same credential names, etc.
>> (note: I understand that Jack worked out something that was to get
>> him through what he was working on, but it was not meant as a
>> permanent solution, hence my investigation and separate patch)
>>
>> I spent some time investigating to find out the root cause and a
>> final solution.
>>
>> Here is what I discovered:
>> In the old TPS, in case of "ExtendedLoginRequest", the uid/pwd are
>> called "UID" and "PASSWORD";
>> where as in case of "LoginRequest", the uid/pwd are called
>> "screen_name" and "password"
>>
>> In tpsclient, BOTH "ExtendedLoginResponse" and "LoginResponse" are
>> coded to put "screen_name". My suspicion is with the old TPS the
>> "ExtendedLoginRequest" never worked.
>>
>> So, in summary, it's the difference between "extended" and "not
>> extended" rather than the clients. The clients just happened to
>> specify extended/not extended by default so it appears that way.
>>
>> Note: In this patch, I added changes to tpsclient in an attempt to
>> make extendedLogin work but I learned later from jack that tpsclient
>> never does that, so please ignore that part of the patch. I made
>> some attempt to restore that part of tpsclient with a new patch but
>> couldn't get it. I will sort it out with our git experts later.
>>
>> This works with tpsclient, but I am still waiting for jack to test it
>> out with ESC.
>>
>> thanks,
>> Christina
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140718/b869af94/attachment.htm>
More information about the Pki-devel
mailing list