https://bugzilla.redhat.com/show_bug.cgi?id=889404 (Red Hat Certificate System)
Description of problem:
If one tries to enroll using, for example, directory authentication, but the auth manager is not configured in CS.cfg (profile configured ok), although there is an error message in the web browser, there are no debug log entries to give a hint on what is going on; you need a screen copy or copy/paste of the EE service to get an idea.
Steps to Reproduce:
1. default CS.cfg config, no auths.instance.UserDirEnrollment entries in CS.cfg
2. CA up and running
3. enroll for Directory-Authenticated User Dual-Use Certificate Enrollment https://ca1.example.com:9444/ca/ee/ca/profileSelect?profileId=caDirUserCert
4. review debug log, no hint in there
Actual results:
in Firefox: " Certificate Profile Use this form to submit the request.
Sorry, your request is not submitted. The error code is "Authentication Manager UserDirEnrollment Not Found". "
no matching debug log entry
Expected results:
have a corresponding debug log entry
Additional info:
tests:
default:
no auths.instance.UserDirEnrollment from CS.cfg
diff /etc/pki-ca/CS.cfg /etc/pki-ca/CS.cfg.UserDirEnrollment.txt 53a54,64
auths.instance.UserDirEnrollment.dnpattern=uid=$attr.uid,ou=people,dc=example ,dc=com auths.instance.UserDirEnrollment.ldapByteAttributes= auths.instance.UserDirEnrollment.ldapStringAttributes= auths.instance.UserDirEnrollment.pluginName=UidPwdDirAuth auths.instance.UserDirEnrollment.ldap.basedn=ou=people,dc=example,dc=com auths.instance.UserDirEnrollment.ldap.maxConns= auths.instance.UserDirEnrollment.ldap.minConns= auths.instance.UserDirEnrollment.ldap.ldapconn.host=10.14.7.222 auths.instance.UserDirEnrollment.ldap.ldapconn.port=389 auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn=false auths.instance.UserDirEnrollment.ldap.ldapconn.version=3
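Review bot: ldapconn.secureConn=false together with ldapconn.port=389 leaves the UidPwdDirAuth connection to the directory at 10.14.7.222 unencrypted, so the uid and password submitted on the enrollment form travel from the CA to the LDAP server in clear text. Outside a test setup, set ldapconn.secureConn=true and point ldapconn.port at the directory's LDAPS port.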
https://10.14.5.17:9444/ca/ee/ca/profileSelect?profileId=caDirUserCert
Certificate Profile Use this form to submit the request. Sorry, your request is not submitted. The error code is "Authentication Manager UserDirEnrollment Not Found".
debug has only:
[20/Dec/2012:16:57:41][http-9444-Processor25]: according to ccMode, authorization for servlet: caProfileSelect is LDAP based, not XML {1}, use default authz mgr: {2}.
[20/Dec/2012:16:57:41][http-9444-Processor25]: according to ccMode, authorization for servlet: caProfileSelect is LDAP based, not XML {1}, use default authz mgr: {2}.
[20/Dec/2012:16:57:41][http-9444-Processor25]: CMSServlet:service() uri = /ca/ee/ca/profileSelect
[20/Dec/2012:16:57:41][http-9444-Processor25]: CMSServlet::service() param name='profileId' value='caDirUserCert'
[20/Dec/2012:16:57:41][http-9444-Processor25]: CMSServlet: caProfileSelect start to service.
[20/Dec/2012:16:57:41][http-9444-Processor25]: ProfileSelectServlet: start serving
[20/Dec/2012:16:57:41][http-9444-Processor25]: CMSServlet: in auditSubjectID
[20/Dec/2012:16:57:41][http-9444-Processor25]: CMSServlet: auditSubjectID auditContext null
[20/Dec/2012:16:57:41][http-9444-Processor25]: CMSServlet: in auditGroupID
[20/Dec/2012:16:57:41][http-9444-Processor25]: CMSServlet: auditGroupID auditContext null
[20/Dec/2012:16:57:41][http-9444-Processor25]: checkACLS(): ACLEntry expressions= user="anybody"
[20/Dec/2012:16:57:41][http-9444-Processor25]: evaluating expressions: user="anybody"
[20/Dec/2012:16:57:41][http-9444-Processor25]: evaluated expression: user="anybody" to be true
[20/Dec/2012:16:57:41][http-9444-Processor25]: DirAclAuthz: authorization passed
[20/Dec/2012:16:57:41][http-9444-Processor25]: SignedAuditEventFactory: create() message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=certServer.ee.profile][Op=read] authorization success
[20/Dec/2012:16:57:41][http-9444-Processor25]: SignedAuditEventFactory: create() message=[AuditEvent=ROLE_ASSUME][SubjectID=$Unidentified$][Outcome=Success][Role=<null>] assume privileged role
[20/Dec/2012:16:57:41][http-9444-Processor25]: ProfileSelectServlet: SubId=profile
[20/Dec/2012:16:57:41][http-9444-Processor25]: ProfileSelectServlet: profileId=caDirUserCert
[20/Dec/2012:16:57:41][http-9444-Processor25]: Property policyset.userCertSet.2.constraint.params.notBeforeGracePeriod missing value
[20/Dec/2012:16:57:41][http-9444-Processor25]: ProfileSelectServlet: keyArchivalEnabled is false
[20/Dec/2012:16:57:42][http-9444-Processor25]: CMSServlet: curDate=Thu Dec 20 16:57:42 PST 2012 id=caProfileSelect time=327
it does not tell anything about the issue.
with debug log entry:
diff ./pki-common-8.1.3/src/com/netscape/cms/servlet/profile/ProfileSelectServl et.java ./pki-common-8.1.3/src/com/netscape/cms/servlet/profile/ProfileSelectSe rvlet.java.orig 253d252 < CMS.debug("ProfileSelectServlet: error: "+CMS.getUserMessage(locale, "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", profile.getAuthenticatorId() ) );
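Review bot: the line added at 253 builds the debug entry from CMS.getUserMessage(locale, ...), so the text written to the debug log follows the requesting browser's locale, and the entry does not name the profile that referenced the missing authenticator. A fixed-language string that logs the profile id together with profile.getAuthenticatorId() would be easier to grep for and would point directly at the absent auths.instance entry in CS.cfg. The diff is also taken as modified file against .orig, so the `<` line is the addition; regenerating it in the usual orig-to-new order would avoid misreading it as a removal.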
rpm -Uvh /root/pki-common-8.1.3-3testms.noarch.rpm
/etc/init.d/pki-ca start
https://10.14.5.17:9444/ca/ee/ca/profileSelect?profileId=caDirUserCert
Certificate Profile Use this form to submit the request. Sorry, your request is not submitted. The error code is "Authentication Manager UserDirEnrollment Not Found".
debug log now shows:
[20/Dec/2012:20:25:37][http-9444-Processor25]: ProfileSelectServlet: error: Authentication Manager UserDirEnrollment Not Found
[20/Dec/2012:20:25:37][http-9444-Processor25]: CMSServlet: curDate=Thu Dec 20 20:25:37 PST 2012 id=caProfileSelect time=369
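The misconfiguration in this report can also be caught before any enrollment is attempted. The following is an added example, not code from the ticket or from the Dogtag project: it compares the authenticator each profile names against the auths.instance.<id>.pluginName entries in CS.cfg. It assumes profiles name their authenticator with an `auth.instance_id` key; the function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample input: a CS.cfg without auths.instance.UserDirEnrollment,
# as in the "default" case of the report, and two profile files.
SAMPLE_CS_CFG = """\
# authentication manager instances
auths.instance.TokenAuth.pluginName=TokenAuth
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
"""
SAMPLE_PROFILES = {
    "caUserCert": "desc=Manual user enrollment\nenable=true\n",
    "caDirUserCert": "desc=Directory-authenticated enrollment\n"
                     "auth.instance_id=UserDirEnrollment\n",  # assumed key name
}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def defined_auth_instances(cs_cfg_text):
    """Instance ids that have a non-empty auths.instance.<id>.pluginName."""
    ids = set()
    for key, value in parse_properties(cs_cfg_text).items():
        m = re.fullmatch(r"auths\.instance\.([^.]+)\.pluginName", key)
        if m and value:
            ids.add(m.group(1))
    return ids

def missing_auth_managers(cs_cfg_text, profiles):
    """Return {profile_id: instance_id} where the named authenticator is undefined."""
    defined = defined_auth_instances(cs_cfg_text)
    missing = {}
    for profile_id, text in profiles.items():
        instance_id = parse_properties(text).get("auth.instance_id", "")
        if instance_id and instance_id not in defined:
            missing[profile_id] = instance_id
    return missing

if __name__ == "__main__":
    for pid, inst in missing_auth_managers(SAMPLE_CS_CFG, SAMPLE_PROFILES).items():
        print(f"profile {pid}: authentication manager {inst} not found in CS.cfg")
```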
Metadata Update from @nkinder: - Issue assigned to vakwetu - Issue set to the milestone: UNTRIAGED
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1046
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)