[Pki-devel] [PATCH] 422 Added login page for TPS UI.

Christina Fu cfu at redhat.com
Tue Mar 11 17:35:29 UTC 2014


Hi Endi,
First of all, thank you for your patience on the irc.

Here is a summary of my comments/questions:
* I asked if the login/logout thing can be applied to the other subsystems' agent interface.
   - You said yes.  I filed a separate ticket to do later:
     https://fedorahosted.org/pki/ticket/902 - Login & logout link/page for CA, KRA, OCSP, TKS

* I asked whether the logout() event can be signalled into the cs service so the event can be audited.  You pondered on some idea, but I put a note in the new ticket so we can look at it later.

* I asked if window.crypto.logout stuff works for IE as well (we are required to support IE, as I understand it)?
   - I did a quick search and it seems like IE does not support it, but you can do the following:
       document.execCommand('ClearAuthenticationCache');
     If the research is going to take a long time, then feel free to file a separate ticket to take care of it later.  Otherwise, please make sure IE is supported.

* I asked where the roles under <role-name>*</role-name> are checked.
   - You explained to me that it's checked under ACLInterceptor, where the list of roles is obtained using PKIRealm, which takes acl.properties in for the resource/action acl mapping, and which correctly uses the same underlying group/user framework that's used by the pre-existing non-rest servlets.

* I asked why <login-config> does not need an <auth-method>xxx</auth-method> definition in the web.xml.
   - You explained that it is because you have a fallback authenticator called SSLAuthenticatorWithFallback (specified in tps-tomcat/shared/conf/Catalina/localhost/tps.xml) which looks into auth-method.properties to check for the correct authentication method for each op.

Since the first two items are already captured in the new ticket, I 
think only the 3rd item needs to be considered for either immediate 
addressing or filing for a new ticket.  It's up to you.

That's all I have.
thanks,
Christina

On 03/10/2014 03:42 PM, Endi Sukma Dewata wrote:
> The TPS UI has been modified to provide an unprotected front page.
> The main TPS UI has been moved into a protected area. The front
> page provides a login button which when clicked will ask the user
> to authenticate with the client certificate. If the authentication
> is successful, the main page will appear. There is also a logout
> link on the upper right corner of the main page. When clicked it
> will destroy both the client and server sessions.
>
> Ticket #846

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140311/1278a40f/attachment.htm>
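
Added example, not part of the original thread or of the patch: a feature-detecting client-side logout helper covering the two browser calls mentioned in the review (window.crypto.logout and IE's ClearAuthenticationCache). The function name clearClientAuthState and its return strings are hypothetical; win and doc stand for the browser's window and document.

```javascript
// Added illustration; clearClientAuthState is a hypothetical helper name.
// Both calls are legacy and vendor-specific:
//   window.crypto.logout()                            (Mozilla)
//   document.execCommand('ClearAuthenticationCache')  (Internet Explorer)
function clearClientAuthState(win, doc) {
  // window.crypto exists in browsers that expose only Web Crypto, so testing
  // for the object is not enough: check that logout is actually callable.
  if (win && win.crypto && typeof win.crypto.logout === 'function') {
    try {
      win.crypto.logout();
      return 'crypto.logout';
    } catch (e) {
      // Call was present but failed; try the next mechanism.
    }
  }
  // execCommand returns a boolean; unknown commands return false or throw
  // depending on the browser, so handle both outcomes.
  if (doc && typeof doc.execCommand === 'function') {
    try {
      if (doc.execCommand('ClearAuthenticationCache', false, null) === true) {
        return 'ClearAuthenticationCache';
      }
    } catch (e) {
      // Command not supported in this browser.
    }
  }
  // Neither mechanism worked: the browser may still present the cached
  // client certificate on the next request without prompting.
  return 'unsupported';
}

// Text to show after the server session has been destroyed.
function logoutNotice(method) {
  return method === 'unsupported'
    ? 'Logged out of the server. Close the browser to clear the client certificate session.'
    : 'Logged out.';
}
```

In a page this would be called as clearClientAuthState(window, document) once the server-side session has been invalidated, so the result only decides what the user is told.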

