Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1480272
Created attachment 1311794
Add Certificate Mapping Data

Description of problem:
The form for adding cert mapping data in the web UI (see the attached screenshot) makes it look like the users have two options -- two radio buttons: cert mapping data, or issuer and subject. However, there are actually three options: provide certificate mapping data, the certificate, or the issuer and subject.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Open the web UI.
2. Click Identity > Users > a user > Certificate Mapping Data - Add.

Actual results:
Two radio buttons, which suggests only two equivalent options for providing the data. Users might think that both Cert mapping data and Certificate are required, for example.

Expected results:
Change the form for adding the data. For example, three radio buttons, each for one of the available options, would make the expected input much clearer.

Additional info:
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1480272
Metadata Update from @pvoborni: - Issue assigned to pvomacka - Issue tagged with: easyfix, webui
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.5.3 (was: FreeIPA 4.6)
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.5.4 (was: FreeIPA 4.5.3)
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5.4)
I would argue it is fine as it is. The ipacertmapdata and certificate fields don't have the required flag set so either one of them or both can be filled. Meaning the following cases are covered:
- ipacertmapdata
- certificate

The second radio button option correctly covers the issuer + subject case.
<img alt="add_certmap_data.png" src="/freeipa/issue/raw/files/2301e0581753a15bad8b57de14ce0d42a2f91b1f91e504d20d64a1aa689f3034-add_certmap_data.png" />
The issue is valid from my POV. If the user adds Certificate Mapping data through the "Certificate -> Add" button, the result is that the subject + issuer are extracted from the provided certificate, and Certificate Mapping Data is built as X509:issuer<S>subject, the same way as if the user provides issuer + subject.
If the user directly provides Certificate Mapping data, the data format is not constrained to X509:issuer<S>subject and can contain anything that is compliant with the mapping rule format defined in sss-certmap(5).
It would make more sense to group the "Certificate -> Add" button with "Issuer and subject".
Metadata Update from @frenaud: - Issue set to the milestone: None (was: FreeIPA 4.5.5)