Hi Lixin,
the metadata is not used for the notification (at least not the way you
expect this here) - the metadata node in the profile definition just
defines key/value pairs that will be added to the certificate database.
The existing setup for the recipients in the notification actions comes
from an old use case where those parameters were passed along with the
request as parameters, this is still working to not break legacy support
but it was never a "public and documented" feature.
To have the SAN item set as recipient you need to change the
"_map_notify_to" expression to point either to the hash of the parsed
subject ([% context.cert_subject_parts.SAN_EMAIL.0 %] should work) or
use the metadata which you have defined earlier via the Templating
plugins (Certificate.attr(...)).
Oliver
On 18.09.23 18:53, Lixin Liu wrote:
Hi,
Several months ago, I was asking if I can use SAN_EMAIL field as the email
notification for anonymous EST request submission.
I had other projects to deal with, so did not investigate further. Now I am
back on this again and I upgraded release to 3.26 (both software and config).
There are a few questions:
1. The file profile/template/san_email.yaml does not exist
I added this, but I also need to add
    label: I18N_OPENXPKI_UI_PROFILE_SAN_EMAIL
    description: I18N_OPENXPKI_UI_PROFILE_SAN_EMAIL_DESCRIPTION
as they are not in openxpki.po. I only added en_US as I don't allow any other
language.
2. Adding notification
After adding SAN_EMAIL, I can see the option is presented in the CSR, then I
defined
    metadata:
        system_id: "[% data.cust_id %]"
        server_id: "[% data.server_id %]"
        requestor: "[% CN.0 %]"
        email: "[% SAN_EMAIL.0 %]"
        entity: "[% CN.0 FILTER lower %]"
in the "enroll:" style. I can see these options are successfully processed when
I run the approval from RA, but showing no recipient:
2023/09/17 15:36:22 openxpki.application.INFO Append (set) certificate metadata requestor with ******* [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
2023/09/17 15:36:22 openxpki.application.INFO Append (set) certificate metadata email with ******* [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
2023/09/17 15:36:22 openxpki.application.INFO Append (set) certificate metadata server_id with tlsserver [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
2023/09/17 15:36:22 openxpki.application.INFO Append (set) certificate metadata entity with ******** [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
2023/09/17 15:36:22 openxpki.application.INFO Trigger notification message enroll_cert_issued [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
2023/09/17 15:36:22 openxpki.system.WARN Failed sending notification enroll_cert_issued - no receipient [pid=45052|sid=iK43|rid=559a13480540|wftype=certificate_enroll|wfid=6399]
I see the default workflow for notification is defined in
certificate_enroll.yaml
    notify_cert_issued:
        class: OpenXPKI::Server::Workflow::Activity::Tools::Notify
        param:
            _map_notify_cc: $url_notifycc
            _map_notify_to: $url_requester
            _map_transaction_id: $transaction_id
            message: enroll_cert_issued
but I don't see where $url_requester is defined. Almost everywhere, openxpki
config uses requestor (instead of er).
Is this a typo or am I missing something?
Thank you very much.
Lixin.
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!