Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Approve certificate request API call fails to be authenticated. Same about assign and unassign calls. #4865

Open
iftikharahmd opened this issue Sep 30, 2024 Discussed in #4846 · 1 comment

Comments

@iftikharahmd
Copy link

Discussed in #4846

Originally posted by iftikharahmd September 7, 2024
I have deployed dogtag pki root CA and subordinate CA. We have to integrate it with our solution where our users will be onbarded by requesting user certificates from dogtag PKI. For this we have successfully tested Submit CSR request API. When we try to test Approve request by providing the SSL client authentication certificate same as used to login to dogtag CA admin UI. The request does not complete there is no clear error in the logs but the following lines are being printed:
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: UGSubsystem: Retrieving user uid=caadmin,ou=People,dc=ca,dc=pki,dc=testdomain,dc=com
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: UGSubsystem: User uid=caadmin,ou=People,dc=ca,dc=pki,dc=testdomain,dc=com:
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: UGSubsystem: - uid: caadmin
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: UGSubsystem: - cn: caadmin
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: UGSubsystem: - mail: [email protected]
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: UGSubsystem: - userPassword: ********
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: UGSubsystem: - usertype: adminType
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: UGSubsystem: - userstate: 1
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: UGSubsystem: - user cert: 2;329827247296419401513186956603190913610;CN=Subordinate CA Signing Certificate,O=EXAMPLE;CN=PKI Administrator,E=[email protected],OU=pki-tomcat,O=testdomain Security Domain
2024-09-07 18:17:35 [https-jsse-jss-nio-8446-exec-17] INFO: AAclAuthz: Granting execute permission for certServer.ca.certrequests

Any idea what could be causing this issue and how I can resolve it. FYI, I am currently using postman to send the API request messages.

@fmarco76
Copy link
Member

If the authentication fails the logs should contains this information but I do not see error in the provided log. Could you try to increase log verbosity?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants