Hello Oliver,
Thank you for the quick reply and support!
> This is intended - the "error_code" is a bit misleading. You should
> check the value of "proc_state" to detect if the workflow is in a final
> state.
It is indeed a bit misleading but I understand the reason it is like that.
I can indeed deal with "proc_state" instead.
> A generic duplicate key check never made it in to the upstream version
> of the workflow as its not that easy for the general case so we always
> customize this for the actual project. You can "just" copy over the used
> actions and checks from the UI workflow to fit your needs.
Alright, thanks for the precision.
> Add the "publish_certificate" action at the end if the workflow.
Indeed, I had not looked too much into the workflows config so far and thought
that the same workflow was used for both (or at least part of).
But I was obviously on the wrong track and it works now!
-Guillaume
On 07/04/2020, 19:29, "Oliver Welter" <m...@oliwel.de> wrote:
Hello Guillaume,
Am 07.04.20 um 11:55 schrieb Guillaume Bour:
>
> 1. I need to have only a manual approval from the operator, but no
> authorization is required. I configured the policy in
> rpc/enroll.yaml (see below) and it works, the status is indeed
> ‘PENDING’ once I connect using the operator account. However, the
> response to my RPC request contains the following error:
> {'error_code': 'I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_APPROVED', ….
> } when I would expect a PENDING status. Did I configure it correctly?
>
This is intended - the "error_code" is a bit misleading. You should
check the value of "proc_state" to detect if the workflow is in a final
state.
> 2. I would expect the workflow to be almost the same when using RPC and
> the UI, but some steps are missing with my current setup: when
> submitting twice the same CSR using RPC, I don’t get any error,
> while I get a “Duplicate Key Error (Certificate)” when submitting
> the CSR again using the UI. How do I get this verification on the
> RPC interface as well?
A generic duplicate key check never made it in to the upstream version
of the workflow as its not that easy for the general case so we always
customize this for the actual project. You can "just" copy over the used
actions and checks from the UI workflow to fit your needs.
> 3. I configured my entity_profile so that the issued certificates are
> published to the /var/www/download directory, which works with the
> UI but not with RPC. How can I achieve this?
Add the "publish_certificate" action at the end if the workflow.
Oliver
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
