[Pki-devel] [PATCH] pki-cfu-0020-TPSRewrite-credential-match-fix.patch

Christina Fu cfu at redhat.com
Sat Jul 19 01:16:20 UTC 2014 

Thanks to jack for helping me test.
After much consideration, I think I will add my changes on top of his 
last patch instead to make things speedier on both sides.
So, please don't review this patch...

thanks,
Christina

On 07/18/2014 09:22 AM, Christina Fu wrote:
> and here is the patch.
>
> On 07/18/2014 09:18 AM, Christina Fu wrote:
>> This patch is to fix an issue that Jack reported some time ago 
>> regarding authentication in Java TPS.
>> It was speculated that it had to do with ESC and tpsclient not 
>> expecting same credential names, etc.
>> (note: I understand that Jack worked out something that was to get 
>> him through what he was working on, but it was not meant as a 
>> permanent solution, hence my investigation and separate patch)
>>
>> I spent some time investigating to find out the root cause and a 
>> final solution.
>>
>> Here is what I discovered:
>> In the old TPS, in case of "ExtendedLoginRequest", the uid/pwd are 
>> called "UID" and "PASSWORD";
>> where as in case of "LoginRequest", the uid/pwd are called 
>> "screen_name" and "password"
>>
>> In tpsclient, BOTH "ExtendedLoginResponse" and "LoginResponse" are 
>> coded to put "screen_name".  My suspicion is with the old TPS the 
>> "ExtendedLoginRequest" never worked.
>>
>> So, in summary, it's the difference between "extended" and "not 
>> extended" rather than the clients.  The clients just happened to 
>> specify extended/not extended by default so it appears that way.
>>
>> Note: In this patch, I added changes to tpsclient in an attempt to 
>> make extendedLogin work but I learned later from jack that tpsclient 
>> never does that, so please ignore that part of the patch.  I made 
>> some attempt to restore that part of tpsclient with a new patch but 
>> couldn't get it.  I will sort it out with our git experts later.
>>
>> This works with tpsclient, but I am still waiting for jack to test it 
>> out with ESC.
>>
>> thanks,
>> Christina
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140718/b869af94/attachment.htm>

More information about the Pki-devel mailing list