IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Use Dogtag REST API for certificate requests

Browse Source 
The Dogtag REST API gives better responses statuses than the RPC API
and properly reports failure due to disabled CA (status 409).  Make
'ra' extend 'RestClient' and refactor the 'request_certificate'
method to use Dogtag's REST API.

Part of: https://fedorahosted.org/freeipa/ticket/6260
Part of: https://fedorahosted.org/freeipa/ticket/3473

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Fraser Tweedale
2016-08-26 10:02:21 +10:00
committed by Martin Babinsky
parent d812675635
commit dd5ed21c19
2 changed files with 193 additions and 287 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
install/conf/ipa-pki-proxy.conf
View File

@@ -1,4 +1,4 @@
# VERSION 9 - DO NOT REMOVE THIS LINE
# VERSION 10 - DO NOT REMOVE THIS LINE
ProxyRequests Off
@@ -27,7 +27,7 @@ ProxyRequests Off
</LocationMatch>
# matches for CA REST API
<LocationMatch "^/ca/rest/account/login|^/ca/rest/account/logout|^/ca/rest/installer/installToken|^/ca/rest/securityDomain/domainInfo|^/ca/rest/securityDomain/installToken|^/ca/rest/profiles|^/ca/rest/authorities|^/ca/rest/admin/kraconnector/remove">
<LocationMatch "^/ca/rest/account/login|^/ca/rest/account/logout|^/ca/rest/installer/installToken|^/ca/rest/securityDomain/domainInfo|^/ca/rest/securityDomain/installToken|^/ca/rest/profiles|^/ca/rest/authorities|^/ca/rest/certrequests|^/ca/rest/admin/kraconnector/remove">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient optional
ProxyPassMatch ajp://localhost:$DOGTAG_PORT