#7113 Add Certificate Mapping Data: confusing selection of options
Opened 3 years ago by pvoborni. Modified 3 months ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1480272

Created attachment 1311794
Add Certificate Mapping Data

Description of problem:

The form for adding cert mapping data in the web UI (see the attached
screenshot) makes it look like the users have two options -- two radio buttons:
cert mapping data, or issuer and subject.

However, there are actually three options: provide certificate mapping data,
the certificate, or the issuer and subject.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Open the web UI.
2. Click Identity > Users > a user > Certificate Mapping Data - Add.

Actual results:

Two radio buttons, which suggests only two equivalent options for providing the
data. Users might think that both Cert mapping data and Certificate are
required, for example.


Expected results:

Change the form for adding the data. For example, three radio buttons, each for
one of the available options, would make the expected input much clearer.


Additional info:

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1480272

3 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1480272

3 years ago

Metadata Update from @pvoborni:
- Issue assigned to pvomacka
- Issue tagged with: easyfix, webui

3 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.5.3 (was: FreeIPA 4.6)

3 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.5.4 (was: FreeIPA 4.5.3)

3 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5.4)

2 years ago

I would argue it is fine as it is. The ipacertmapdata and certificate fields don't have the required flag set so either one of them or both can be filled.
Meaning the following cases are covered:

  • data
  • certificate
  • data + certificate

The second radio button option covers correctly the issuer + subject case.

add_certmap_data.png

The issue is valid from my POV. If the user adds Certificate Mapping data through the "Certificate -> Add" button, the result is that the subject + issuer are extracted from the provided certificate, and Certificate Mapping Data is built as X509:issuer<s>subject, the same way as if the user provides issuer + subject.

If the user directly provides Certificate Mapping data, the data format is not constrained to X509:issuer<s>subject and can contain anything that is compliant with the mapping rule format defined in sss-certmap(5).

It would make more sense to group the "Certificate -> Add" button with "Issuer and subject".

Metadata Update from @frenaud:
- Issue set to the milestone: None (was: FreeIPA 4.5.5)

3 months ago

Login to comment on this ticket.

Metadata
Attachments 1
Attached 3 months ago View Comment