Hi everyone,

I have configured the Apache server to force the user to use HTTPS instead of 
HTTP. I am working on my own PC (localhost), so I added this to /etc/hosts:

127.0.0.1    openxpki.com

So with my Apache configuration, when I type openxpki.com, I am redirected to 
localhost/openpki.
The user also needs to have a certificate delivered by the right CA to access 
the OpenXPKI webui (Apache2 conf).

However, I also wanted to use the authentication by certificate present in 
the default settings, but every time I try to use it, the webui says:

"""
Required information is missing!
Your web browser failed to present the required information to log in using the 
chosen login method.
Please select a different type of authentication. Go back to login page.
"""

I got this in the webui log file:

2019/05/17 09:32:09 check for cgi session, fcgi pid 22209 [pid=22209|sid=53d6]
2019/05/17 09:32:09 session id (front) is 5774934edc498239ef973eef5a79ad97 
[pid=22209|sid=5774]
2019/05/17 09:32:09 Use provided client instance [pid=22209|sid=5774]
2019/05/17 09:32:09 First session reinit with id init [pid=22209|sid=5774]
2019/05/17 09:32:09 New backend session with id cZjG5Wm+Qy+wAMoQ5qiBUw== 
[pid=22209|sid=5774]
2019/05/17 09:32:09 current session status GET_PKI_REALM [pid=22209|sid=5774]
2019/05/17 09:32:09 Generate rtoken [pid=22209|sid=5774]
2019/05/17 09:32:09 Baseurl from referrer:  [pid=22209|sid=5774]
2019/05/17 09:32:09 request handled [pid=22209|sid=5774]
2019/05/17 09:32:09 check for cgi session, fcgi pid 22209 [pid=22209|sid=5774]
2019/05/17 09:32:09 session id (front) is 5774934edc498239ef973eef5a79ad97 
[pid=22209|sid=5774]
2019/05/17 09:32:09 Use provided client instance [pid=22209|sid=5774]
2019/05/17 09:32:09 First session reinit with id cZjG5Wm+Qy+wAMoQ5qiBUw== 
[pid=22209|sid=5774]
2019/05/17 09:32:09 Resume backend session with id cZjG5Wm+Qy+wAMoQ5qiBUw== 
[pid=22209|sid=5774]
2019/05/17 09:32:09 current session status GET_PKI_REALM [pid=22209|sid=5774]
2019/05/17 09:32:09 not logged in - doing auth - page is login - action is  
[pid=22209|sid=5774]
2019/05/17 09:32:09 request handled [pid=22209|sid=5774]
2019/05/17 09:32:10 check for cgi session, fcgi pid 22209 [pid=22209|sid=5774]
2019/05/17 09:32:10 session id (front) is 5774934edc498239ef973eef5a79ad97 
[pid=22209|sid=5774]
2019/05/17 09:32:10 Use provided client instance [pid=22209|sid=5774]
2019/05/17 09:32:10 First session reinit with id cZjG5Wm+Qy+wAMoQ5qiBUw== 
[pid=22209|sid=5774]
2019/05/17 09:32:10 Resume backend session with id cZjG5Wm+Qy+wAMoQ5qiBUw== 
[pid=22209|sid=5774]
2019/05/17 09:32:10 current session status GET_PKI_REALM [pid=22209|sid=5774]
2019/05/17 09:32:10 not logged in - doing auth - page is  - action is 
login!realm [pid=22209|sid=5774]
2019/05/17 09:32:10 set realm in session: ca-one [pid=22209|sid=5774]
2019/05/17 09:32:10 Selected realm ca-one, new status GET_AUTHENTICATION_STACK 
[pid=22209|sid=5774]
2019/05/17 09:32:10 request handled [pid=22209|sid=5774]
2019/05/17 09:32:13 check for cgi session, fcgi pid 22209 [pid=22209|sid=5774]
2019/05/17 09:32:13 session id (front) is 5774934edc498239ef973eef5a79ad97 
[pid=22209|sid=5774]
2019/05/17 09:32:13 Use provided client instance [pid=22209|sid=5774]
2019/05/17 09:32:13 First session reinit with id cZjG5Wm+Qy+wAMoQ5qiBUw== 
[pid=22209|sid=5774]
2019/05/17 09:32:13 Resume backend session with id cZjG5Wm+Qy+wAMoQ5qiBUw== 
[pid=22209|sid=5774]
2019/05/17 09:32:13 current session status GET_AUTHENTICATION_STACK 
[pid=22209|sid=5774]
2019/05/17 09:32:13 not logged in - doing auth - page is  - action is 
login!stack [pid=22209|sid=5774]
2019/05/17 09:32:13 set auth_stack in session: Client Certificate 
[pid=22209|sid=5774]
2019/05/17 09:32:13 Authentication stack: Client Certificate 
[pid=22209|sid=5774]
2019/05/17 09:32:14 Selected realm ca-one, new status GET_CLIENT_X509_LOGIN 
[pid=22209|sid=5774]
2019/05/17 09:32:14 Requested login type CLIENT_X509 [pid=22209|sid=5774]
2019/05/17 09:32:14 Certificate missing for X509 Login [pid=22209|sid=5774]
2019/05/17 09:32:14 session logout [pid=22209|sid=5774]
2019/05/17 09:32:14 request handled [pid=22209|sid=5774]

The final idea would be to create a double authentication system:
- The certificate to identify the user (possesses a proof)
- The password to authenticate the user (knows a secret)

Did I miss something? The user certificate has been imported into the browser 
(Mozilla Firefox), and used to access the webui. I don't understand why it 
does not work.

Daniel
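
Added example, not part of the original post and not OpenXPKI code: a small Python helper that rejoins the mail-wrapped records of a webui log like the one quoted above and reports, per frontend session id, the status path and the time at which "Certificate missing for X509 Login" was logged. The sample lines are constructed from the format shown in the post; the session sid=9a1c and all function names are assumptions.

```python
import re

# Constructed sample in the webui log format quoted in the post, including
# mail-wrapped records whose "[pid=...|sid=...]" tag lands on the next line.
# The second session (sid=9a1c) is invented for contrast.
SAMPLE_LOG = """\
2019/05/17 09:32:10 current session status GET_PKI_REALM [pid=22209|sid=5774]
2019/05/17 09:32:10 Selected realm ca-one, new status GET_AUTHENTICATION_STACK
[pid=22209|sid=5774]
2019/05/17 09:32:13 current session status GET_AUTHENTICATION_STACK
[pid=22209|sid=5774]
2019/05/17 09:32:14 Selected realm ca-one, new status GET_CLIENT_X509_LOGIN
[pid=22209|sid=5774]
2019/05/17 09:32:14 Requested login type CLIENT_X509 [pid=22209|sid=5774]
2019/05/17 09:32:14 Certificate missing for X509 Login [pid=22209|sid=5774]
2019/05/17 09:32:15 current session status GET_PKI_REALM [pid=22300|sid=9a1c]
"""

STARTS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ")
RECORD = re.compile(r"^(?P<ts>\S+ \S+) (?P<msg>.*?)\s*"
                    r"\[pid=(?P<pid>\d+)\|sid=(?P<sid>[0-9a-f]+)\]$")
STATUS = re.compile(r"(?:new status|current session status) (\w+)$")

def records(text):
    """Rejoin wrapped lines, then yield one dict per complete log record."""
    joined = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if STARTS.match(line) or not joined:
            joined.append(line)          # a new record starts with a timestamp
        else:
            joined[-1] += " " + line     # continuation of the previous record
    for line in joined:
        m = RECORD.match(line)
        if m:
            yield m.groupdict()

def trace_sessions(text):
    """Map sid -> status path and timestamp of a missing-certificate error."""
    out = {}
    for r in records(text):
        s = out.setdefault(r["sid"], {"states": [], "cert_missing_at": None})
        m = STATUS.search(r["msg"])
        if m and (not s["states"] or s["states"][-1] != m.group(1)):
            s["states"].append(m.group(1))
        if r["msg"] == "Certificate missing for X509 Login":
            s["cert_missing_at"] = r["ts"]
    return out

if __name__ == "__main__":
    for sid, info in trace_sessions(SAMPLE_LOG).items():
        print(sid, " -> ".join(info["states"]), info["cert_missing_at"])
```
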