Despite the fact that the guts of the tomcat tps have not been written, it should allow one to install it as a stand-alone tomcat instance and provide the same functionality as if it were in the same tomcat instance as other subsystems. However, that is not the case. First I could not bring it up with pkispawn (before auto config was even attempted), then I skipped the auto config, and tried manual config, but it sat on "Getting Session ID" (caGetCookie) forever.
This problem needs to be further investigated and resolved.
This is very important. It is a good candidate for 10.2, if time.
Proposed Milestone: 10.2.2 (per CS Meeting of 09/17/2014)
Per 10.2.2 Triage meeting of 02/24/2015: 10.2.3
Attempted interactive and autoconfig of TPS when CA, KRA, TKS and TPS are on different tomcat instances. TPS installation was successful.
Christina, please confirm if there is anything more that needs to be tested for this ticket.
Moving to 10.2.4 per CS team meeting.
Per Dogtag 10.2.x TRIAGE meeting of 04/28/2015: (seems like a foundational issue -- assign to cfu to verify whether or not this is still an issue)
Here is the result of trying out 10.2.4 (that's 15 months since the initial ticket report, so it's way better, as expected):
[29/May/2015:10:49:55]http-bio-26080-exec-1: TPSProcessor.getSharedSecretTransportKey: calculated key name: sharedSecret2
It seemed to blow up at the following call:
TPSProcessor.getSharedSecretTransportKey: symmKeys = SessionKey.ListSymmetricKeys("internal");
as there were no more debug messages printed after that.
Further investigation will be needed, possibly in pki-symkey.
The sharedSecret not imported into TPS issue will be covered by the following ticket: https://fedorahosted.org/pki/ticket/758
I found the "symkey function blew up" issue to be the result of a missing symkey.jar symlink, which will be addressed in this ticket.
pushed to master:
commit f9b461b78032e1b232037ae7420828f90935b51a
Author: Christina Fu cfu@redhat.com
Date: Fri May 29 15:47:02 2015 -0700
Ticket 867 Need to support TPS as a separate tomcat instance. This patch addressed the issue that TPS on independent Tomcat is mi symlink to symkey.jar and causes all symkey method reference to fai
for 10.2.4, workaround can be done without this fix:
After installing TPS (on a separate Tomcat instance), shut it down,
cd /var/lib/pki/<tps instance>/common/lib/
ln -s /usr/lib/java/symkey.jar symkey.jar
Note, due to #758, you want to set up the sharedSecret while TPS is still down.
start TPS.
Turns out that even though the symlink to JNI in per instance directory does not work in shared instance. Revert back to original patch with adjustment to create symlink as long as symkey lib exists, regardless of subsystem. It was tested to work in both shared and non-shared tomcat instances.
commit 311650625be0c8e5f42c71c7d5020e5a11ecf034
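The workaround and the final fix in this ticket both reduce to one check: link symkey.jar into the instance's common/lib whenever the symkey library exists. The following is an added example of that check as an idempotent shell function; it is not the Dogtag patch or pkispawn code, and the function name, status strings and return codes are assumptions (the paths are the ones quoted in the workaround).

```shell
#!/bin/sh
# Added example, not Dogtag code. Function name, status strings and return
# codes are hypothetical; the paths come from the workaround in this ticket.

# ensure_symkey_link LIB_DIR [SYMKEY_JAR]
#   LIB_DIR     e.g. /var/lib/pki/<tps instance>/common/lib
#   SYMKEY_JAR  defaults to /usr/lib/java/symkey.jar
# Prints one of: ok, created, repaired, conflict, no-symkey-lib, no-lib-dir
ensure_symkey_link() {
    lib_dir=$1
    jar=${2:-/usr/lib/java/symkey.jar}
    link="$lib_dir/symkey.jar"

    [ -d "$lib_dir" ] || { echo no-lib-dir; return 2; }
    # Create the link only when the symkey library is actually installed,
    # regardless of which subsystem the instance hosts.
    [ -f "$jar" ] || { echo no-symkey-lib; return 3; }

    if [ -L "$link" ]; then
        # -e follows the symlink: true only if the target still exists.
        if [ -e "$link" ]; then
            echo ok
            return 0
        fi
        # Dangling symlink (target removed or moved): replace it.
        rm -f "$link"
        ln -s "$jar" "$link" && echo repaired
        return $?
    fi

    # A regular file with this name is unexpected; leave it for an operator.
    if [ -e "$link" ]; then
        echo conflict
        return 4
    fi

    ln -s "$jar" "$link" && echo created
}

# Usage (with TPS shut down, as the workaround requires):
#   ensure_symkey_link "/var/lib/pki/<tps instance>/common/lib"
```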
Metadata Update from @cfu: - Issue assigned to cfu - Issue set to the milestone: 10.2.5
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1434
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.